CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added a new vulnerability to its Known Exploited Vulnerabilities Catalog, which is based on evidence of active exploitation. The added vulnerability is CVE-2023-0386, a Linux Kernel Improper Ownership Management Vulnerability. This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. The Binding Operational Directive 22-01 established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures that carry significant risk. The directive requires Federal Civilian Executive Branch agencies to remediate identified vulnerabilities by the due date to protect their networks against active threats. Although the directive only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria. The KEV Catalog is a living list of known vulnerabilities that carry significant risk to the federal enterprise. Federal agencies are required to remediate identified vulnerabilities by the due date to protect their networks against active threats. CISA will continue to add vulnerabilities to the catalog's criteria.