CISA Tells Organizations to Patch CVEs Dating Back to 2014
The US government has added eight more vulnerabilities to the Known Exploited Vulnerabilities Catalog, a list of CVEs that federal agencies are required to patch. The list was launched by the Cybersecurity and Infrastructure Security Agency in November 2021 as an effort to enhance cyber resilience and practices. Some of the vulnerabilities first appeared eight years ago. Although the catalog’s requirements only apply to civilian federal agencies, all organizations are encouraged to monitor the list on an ongoing basis to avoid ransomware attacks, data theft, or other malicious acts.
The latest bugs added to the catalog include two that federal agencies must fix by February 11: a memory corruption vulnerability and a stack-based buffer overflow bug in SonicWall SMA. One of the bugs was discovered and published to the National Vulnerability Database in 2020; however, some of them were discovered several years ago, including two arbitrary code execution vulnerabilities in the GNU Bourne Again Shell (Bash), the Unix shell and command language. Aside from any Apple and SonicWall flaws, the rest of the list must be patched by federal agencies by July 28.