Tuesday, December 3, 2024

CISA Adds Zyxel Vulnerability to KEV Catalog – 12-3-24

Today CISA announced that it had added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Included is a previously fixed path traversal vulnerability in Zyxel firewall products that the Sekoia.io blog originally reported as being exploited. CISA is ordering federal agencies to apply “mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.” A compliance deadline has been set for December 24th, 2024.

NOTE: I briefly discussed this vulnerability on Saturday.

CISA added a comment to today’s announcement that provided additional information on two Palo Alto Networks vulnerabilities previously added to the KEV catalog: CVE-2024-0012 and CVE-2024-9474. They reported that Palo Alto Networks now has additional information about the exploits of these two vulnerabilities:

• Palo Alto Security Bulletin for CVE-2024-0012, and

• Palo Alto Security Bulletin for CVE-2024-9474 
