CISA Updates Catalog of Known Exploited Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) catalog, adding six vulnerabilities that affect products from Apple, Adobe, Apache, D-Link, and Joomla.
The KEV catalog contains vital information about security flaws that are actively exploited by attackers. It is an important resource for organizations worldwide when managing and prioritizing vulnerabilities. The listed vulnerabilities are frequently used in attacks and pose a significant risk to federal agencies.
CISA has set a deadline of January 29 for remediating the six actively exploited vulnerabilities or discontinuing use of the affected products. The list of vulnerabilities includes the following:
- CVE-2023-27524 (CVSS: 9.8) – Insecure default initialization of a resource in Apache Superset versions up to 2.0.1. It allows attackers to authenticate and gain unauthorized access to resources when the default SECRET_KEY setting has not been changed.
- CVE-2023-23752 (CVSS: 5.3) – An improper access check in Joomla! versions 4.0.0 to 4.2.7 that allows unauthorized access to web service endpoints.
- CVE-2023-41990 (CVSS: 7.8) – A remote code execution (RCE) vulnerability in the processing of a font file sent via iMessage on Apple iPhone devices running iOS 16.2 and earlier, leading to arbitrary
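A small triage helper for the prioritization described above, added here as an example and not code from CISA or the article: it matches KEV entries against a local asset inventory and ranks them by time left until the remediation due date. The KEV entries and the inventory are constructed samples; the field names follow the shape of the public KEV JSON feed (cveID, vendorProject, product, dueDate), and the due date of 2024-01-29 is an assumed value for the January 29 deadline.

```python
"""Triage KEV entries against a local asset inventory (constructed sample data)."""
from datetime import date

# Constructed sample entries in the shape of the feed's vulnerabilities[] objects.
KEV_ENTRIES = [
    {"cveID": "CVE-2023-27524", "vendorProject": "Apache", "product": "Superset",
     "dueDate": "2024-01-29"},
    {"cveID": "CVE-2023-23752", "vendorProject": "Joomla", "product": "Joomla!",
     "dueDate": "2024-01-29"},
    {"cveID": "CVE-2023-41990", "vendorProject": "Apple", "product": "iOS",
     "dueDate": "2024-01-29"},
]

# Constructed inventory: hostname -> (vendor, product). No iOS devices listed.
INVENTORY = {
    "bi-01": ("Apache", "Superset"),
    "bi-02": ("apache", "superset"),
    "web-01": ("Joomla", "Joomla!"),
    "db-01": ("PostgreSQL", "PostgreSQL"),
}


def _key(vendor, product):
    """Normalise vendor/product for case- and whitespace-insensitive matching."""
    return (vendor.strip().lower(), product.strip().lower())


def match_inventory(entries, inventory):
    """Map each KEV entry to the hosts that run the same vendor/product."""
    hits = []
    for entry in entries:
        key = _key(entry["vendorProject"], entry["product"])
        hosts = sorted(h for h, (v, p) in inventory.items() if _key(v, p) == key)
        if hosts:
            hits.append((entry, hosts))
    return hits


def triage(entries, inventory, today):
    """Return matched entries ordered by urgency: fewest days left first, then most hosts.

    days_remaining goes negative once the due date has passed. KEV rows carry no
    version ranges, so applicability must still be confirmed against the vendor advisory.
    """
    rows = []
    for entry, hosts in match_inventory(entries, inventory):
        days = (date.fromisoformat(entry["dueDate"]) - today).days
        rows.append({"cveID": entry["cveID"], "hosts": hosts, "due": entry["dueDate"],
                     "days_remaining": days, "overdue": days < 0})
    rows.sort(key=lambda r: (r["days_remaining"], -len(r["hosts"])))
    return rows


if __name__ == "__main__":
    for row in triage(KEV_ENTRIES, INVENTORY, date.today()):
        print(row)
```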