Security News > 2022 > January > CISA adds 8 vulnerabilities to list of actively exploited bugs
The US Cybersecurity & Infrastructure Security Agency has added eight more flaws to its catalog of exploited vulnerabilities that are known to be used in attacks, and they're a mix of old and new.
The goal of publishing these vulnerabilities is to raise awareness and remind federal organizations of their obligation to apply security updates by a specified strict deadline.
As all of the vulnerabilities in the catalog are leveraged in active threats and current cyber-attacks, they carry a significant risk to organizations, allowing the takeover of mobile devices, network access, the ability to execute commands remotely.
Due to the potential impact of this vulnerability on devices with wide circulation, CISA has given federal agencies until February 11, 2022, to apply the security updates.
CISA also added the CVE-2021-20038 vulnerability affecting SonicWall SMA 100 Appliances after it was discovered that threat actors were actively scanning for and attempting to exploit the vulnerability.
With the addition of these eight vulnerabilities, there is now a total of 351 exploited vulnerabilities listed in CISA's Known Exploited Vulnerabilities Catalog.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-08 | CVE-2021-20038 | Out-of-bounds Write vulnerability in Sonicwall products A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. | 7.5 |