Today, CISA announced that it had added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. These included two authentication bypass vulnerabilities (CVE-2021-33044 and CVE-2021-33045) affecting 19 different Dahua Security IP cameras. The vulnerabilities were publicly disclosed (with proof-of-concept code) by bashis on October 6th, 2021. That disclosure was coordinated, with Dahua reportedly having a new firmware version available that mitigated the two vulnerabilities.
CISA noted in their announcement that:
“Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.”