CISA Added Known Exploited Vulnerabilities to Catalog - 20240201001¶
Overview¶
CISA has added new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
What is vulnerable?¶
| Product(s) Affected | CVE | Severity | CVSS |
|---|---|---|---|
| Apple Multiple Products Improper Authentication Vulnerability | CVE-2022-48618 | High | 7.8 |
| Ivanti Connect Secure, Policy Secure, and Neurons Server-Side | CVE-2024-21893 | High | 8.2 |
What has been observed?¶
CISA added these vulnerabilties in their Known Exploited Vulnerabilties catalog on 2024-01-31.
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe (refer Patch Management):