Friday, June 19, 2026

CISA Adds Splunk Vulnerability to KEV Catalog – 6-18-26

Yesterday, CISA announced that it had added a missing authentication for critical function vulnerability in the Splunk Enterprise product to its Known Exploited Vulnerabilities (KEV) catalog. Splunk previously disclosed the vulnerability on June 10th and provided new versions that mitigated the vulnerability. Last week, WatchTowr published a report on the vulnerability that included proof-of-concept code.

CISA is directing all federal agencies to apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk guidance and CISA’s “Forensics Triage Requirements”. Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines. CISA has set June 21st, 2026 as the compliance deadline.
