CISA Adds One Known Exploited Vulnerability to Catalog
CISA has updated its Known Exploited Vulnerabilities Catalog with a new vulnerability, CVE-2024-8963, which is an Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability. This type of vulnerability is frequently exploited by malicious actors and poses a significant risk to the federal enterprise. The Known Exploited Vulnerabilities Catalog was established by the Binding Operational Directive (BOD) 22-01 to identify and address vulnerabilities that carry significant risks to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the specified due date to protect their networks against active threats. CISA strongly urges all organizations to prioritize timely remediation of catalog vulnerabilities as part of their vulnerability management practice. The Known Exploited Vulnerabilities Catalog is a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risks to the federal enterprise. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria. The BOD 22-01 Fact Sheet provides more information on the directive.