According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts also recommend that private organizations review the Catalog and address the listed vulnerabilities in their own infrastructure.
The new vulnerabilities added to the catalog have to be addressed by federal agencies by April 15, 2022.
The oldest flaws in the set of 66 recently added issues date back to 2005.
One of the 66 flaws added to the catalog is the recently disclosed Windows CVE-2022-21999 vulnerability, a Windows Print Spooler elevation of privilege bug. Microsoft addressed it with the February 2022 Patch Tuesday updates.
Another issue added to the catalog, tracked as CVE-2022-26318, is an arbitrary code execution vulnerability in WatchGuard Firebox and XTM appliances.
CISA also added CVE-2022-26143, which affects Mitel MiCollab and MiVoice Business Express and can be exploited by a threat actor to gain unauthorized access to sensitive information and services, cause performance degradation, or cause a denial of service condition on the affected system.
With the latest additions, the CISA Catalog has reached a total of 570 entries.
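Reviewing the Catalog against your own findings, as the recommendation above suggests, is a mechanical check once you have the feed in hand. The script below is an added example, not code from the article or from CISA: it parses a feed in the schema of CISA's KEV JSON (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json), matches it against a list of CVE IDs from an asset inventory, and reports how many days remain before each BOD 22-01 due date. The embedded feed is a constructed three-entry sample; only the three CVE IDs and the April 15, 2022 due date come from the article, every other field value is made up for the example.

```python
import json
from datetime import date, datetime

# Constructed sample feed in the schema of CISA's KEV JSON feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# The three CVE IDs and the 2022-04-15 due date come from the article; every other
# field value below is constructed for this example and is not CISA's text.
SAMPLE_KEV_FEED = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "2022.03.25",
    "dateReleased": "2022-03-25T00:00:00.0000Z",
    "count": 3,
    "vulnerabilities": [
        {
            "cveID": "CVE-2022-21999",
            "vendorProject": "Microsoft",
            "product": "Windows",
            "vulnerabilityName": "Windows Print Spooler Elevation of Privilege",
            "dateAdded": "2022-03-25",
            "shortDescription": "Constructed placeholder description.",
            "requiredAction": "Apply updates per vendor instructions.",
            "dueDate": "2022-04-15",
            "notes": "",
        },
        {
            "cveID": "CVE-2022-26318",
            "vendorProject": "WatchGuard",
            "product": "Firebox and XTM Appliances",
            "vulnerabilityName": "WatchGuard Firebox and XTM Arbitrary Code Execution",
            "dateAdded": "2022-03-25",
            "shortDescription": "Constructed placeholder description.",
            "requiredAction": "Apply updates per vendor instructions.",
            "dueDate": "2022-04-15",
            "notes": "",
        },
        {
            "cveID": "CVE-2022-26143",
            "vendorProject": "Mitel",
            "product": "MiCollab, MiVoice Business Express",
            "vulnerabilityName": "Mitel MiCollab and MiVoice Business Express Access Control",
            "dateAdded": "2022-03-25",
            "shortDescription": "Constructed placeholder description.",
            "requiredAction": "Apply updates per vendor instructions.",
            "dueDate": "2022-04-15",
            "notes": "",
        },
    ],
})


def parse_kev(feed_json: str) -> dict:
    """Index the KEV feed by CVE ID, converting dueDate (YYYY-MM-DD) into a date object."""
    data = json.loads(feed_json)
    by_cve = {}
    for entry in data["vulnerabilities"]:
        due = datetime.strptime(entry["dueDate"], "%Y-%m-%d").date()
        by_cve[entry["cveID"]] = {**entry, "dueDate": due}
    return by_cve


def triage(feed_json: str, inventory_cves, as_of: date) -> list:
    """Match open findings (CVE IDs from an asset inventory) against the KEV catalog.

    Returns (cveID, product, dueDate ISO string, days_left) tuples sorted by due date
    then CVE ID. A negative days_left means the BOD 22-01 deadline has already passed.
    """
    kev = parse_kev(feed_json)
    hits = []
    for cve in inventory_cves:
        entry = kev.get(cve)
        if entry is None:
            continue  # not in KEV: still a finding, just not on the BOD 22-01 clock
        days_left = (entry["dueDate"] - as_of).days
        hits.append((cve, entry["product"], entry["dueDate"].isoformat(), days_left))
    hits.sort(key=lambda h: (h[2], h[0]))
    return hits


if __name__ == "__main__":
    # Constructed inventory: two IDs present in the sample feed and one that is not.
    inventory = ["CVE-2022-26143", "CVE-2022-21999", "CVE-2021-44228"]
    for cve, product, due, days_left in triage(SAMPLE_KEV_FEED, inventory, date(2022, 4, 1)):
        status = "OVERDUE" if days_left < 0 else f"{days_left} days left"
        print(f"{cve:<16} {product:<36} due {due}  {status}")
```

Against the real feed, replace SAMPLE_KEV_FEED with the downloaded JSON; the same `dueDate` field drives the deadline, and anything your scanner reports that is absent from the catalog simply falls through the `continue` branch rather than being dropped from your own backlog.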
(SecurityAffairs – hacking, CISA)