Today, CISA added three new vulnerabilities to their Known Exploited Vulnerabilities Catalog, including two vulnerabilities for the DrayTek Vigo Connect local network management product. The two DrayTek vulnerabilities are:
Path Traversal - CVE-2021-20123 and CVE-2021-20124
The vulnerabilities were discovered by Tenable, who published their report (including proof-of-concept code) on October 12th, 2021. DrayTek acknowledged these vulnerabilities on October 15th, 2021, reporting that they had a new version that mitigated the vulnerabilities.
CISA is requiring government agencies possessing the
affected versions of these products to update to the new version (or
discontinue the use of those products) by September 24th, 2024.
Posts
No comments:
Post a Comment