Yesterday CISA announced that it had added an "unrestricted upload of file with dangerous type" vulnerability in the Sierra Wireless AirLink ALEOS product to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability was reported by Cisco Talos on April 15th, 2019; the report included proof-of-concept code. Sierra Wireless published their advisory on the vulnerability (along with 12 others) on April 30th, 2019. CISA published their advisory on the vulnerability (along with six others) on August 20th, 2019, and most recently updated it on April 23, 2020.
CISA has required Federal agencies that use the affected products to apply “mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.” Those required actions are to be completed by January 2nd, 2026.