Without a lot of fanfare, last Friday, CISA removed a vulnerability from their Known Exploited Vulnerabilities Catalog. The announcement explained that:
“CISA is continually collaborating with partners across government and the private sector. As a result of this collaboration, CISA has concluded that there is insufficient evidence to keep the following CVE in the catalog and has removed it”.
The vulnerability was: “CVE-2022-28958 DIR-816L Remote Code Execution Vulnerability”.
Interestingly, a quick check on NVD.NIST.GOV for that vulnerability returns a “Rejected” notice, noting that:
“This record was withdrawn by its CNA. Further investigation showed that it was not a security issue.”
A similar message was found on the CVE record for this vulnerability on CVE.MITRE.org. MITRE was the CNA for the vulnerability.
Just when you wished for a cyber-PaulHarvey to explain the rest of the story, here is a December 2022 blog post on VulnCheck.com that explains the problem that CISA corrected last Friday.
Wonder why it took so long to correct.