Tuesday, December 5, 2023

CISA Removes a Vulnerability from the KEV Catalog

Without a lot of fanfare, last Friday, CISA removed a vulnerability from their Known Exploited Vulnerabilities Catalog. The announcement explained that:

“CISA is continually collaborating with partners across government and the private sector. As a result of this collaboration, CISA has concluded that there is insufficient evidence to keep the following CVE in the catalog and has removed it.”

The vulnerability was: “CVE-2022-28958 DIR-816L Remote Code Execution Vulnerability”.

Interestingly, a quick check on NVD.NIST.GOV for that vulnerability returns a “Rejected” notice, noting that:

“This record was withdrawn by its CNA. Further investigation showed that it was not a security issue.”

A similar message was found on the CVE record for this vulnerability on CVE.MITRE.org. MITRE was the CNA for the vulnerability.

Just when you wished for a cyber Paul Harvey to explain the rest of the story, here is a December 2022 blog post on VulnCheck.com that explains the problem that CISA corrected last Friday. I wonder why it took so long to correct.
