The Cybersecurity and Infrastructure Security Agency (CISA) has recently added six previously identified flaws to its Known Exploited Vulnerabilities Catalog. The addition was made last week, and the vulnerabilities are a frequent attack vector for threat actors, the agency stated. The CISA also noted that the flaws, although old, post a significant risk to the federal enterprise. The six recently added issues affect the Linux kernel, Code Aurora ACDB auto driver, and Microsoft Windows. The Microsoft Windows flaw is a remote code execution risk, according to the agency.
Although the CISA regularly updates the catalog, the four of the vulnerabilities added last week are from 2013, and an additional flaw was identified in 2010. Only one of the recently added flaws is a CVE from 2022, according to a security officer at Qualys. According to the company’s security executive, the outdated flaws show that several companies struggle to understand IT infrastructure or keeps these assets up to date. Although patching known and disclosed vulnerabilities is the best way to prevent attacks on those flaws, companies may be struggling to keep up with updates on all of their devices and software.
Read More: CISA Expands Vulnerabilities Catalog With Old, Exploited Flaws