CISA Adds Four New Vulnerabilities to Known Exploited Vulnerabilities Catalog

Release Date: September 17, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four additional vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on confirmed evidence of active exploitation. These vulnerabilities, all associated with Adobe Flash Player, are frequently exploited in cyberattacks and pose significant risks to federal agencies and organizations relying on vulnerable systems.

The newly added vulnerabilities are:

  • CVE-2014-0497: Adobe Flash Player Integer Underflow Vulnerability
  • CVE-2013-0643: Adobe Flash Player Incorrect Default Permissions Vulnerability
  • CVE-2013-0648: Adobe Flash Player Code Execution Vulnerability
  • CVE-2014-0502: Adobe Flash Player Double Free Vulnerability

These vulnerabilities, which have long been a part of the attack arsenal of malicious actors, can lead to serious compromises, including unauthorized access, data theft, and the execution of malicious code. For organizations, these flaws represent critical entry points for cyberattacks that could disrupt operations or compromise sensitive information.

Reducing the Risk: Binding Operational Directive 22-01

CISA's action is in line with Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, which mandates that Federal Civilian Executive Branch (FCEB) agencies take steps to remediate these vulnerabilities by a specific due date. BOD 22-01 created the Known Exploited Vulnerabilities Catalog as a dynamic list of Common Vulnerabilities and Exposures (CVEs) that present serious risks to federal agencies and networks.

Although BOD 22-01 applies directly to FCEB agencies, CISA strongly advises all organizations to take immediate action to reduce their risk of cyberattacks by prioritizing the remediation of vulnerabilities included in the catalog. By addressing these vulnerabilities, organizations can strengthen their defenses and reduce the likelihood of exploitation by malicious actors.
