Home CISA adds 41 flaws to its Known Exploited Vulnerabilities Catalog

CISA adds 41 flaws to its Known Exploited Vulnerabilities Catalog

US Critical Infrastructure Security Agency (CISA) adds 41 new vulnerabilities to its Known Exploited Vulnerabilities Catalog.


The Cybersecurity & Infrastructure Security Agency (CISA) has added 41 flaws to its Known Exploited Vulnerabilities Catalog, including recently addressed issues in the Android kernel (CVE-2021-1048 and CVE-2021-0920) and Cisco IOS XR (CVE-2022-20821).

The Cisco IOS XR flaw (CVE-2022-20821, CVSS score: 6.5, is actively exploited in attacks in the wild, it resides in the health check RPM of Cisco IOS XR Software. An unauthenticated, remote attacker could trigger the issue to access the Redis instance that is running within the NOSi container.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts recommend also private organizations review the Catalog and address the vulnerabilities in their infrastructure.

Some of the flaws added to the catalog in this turn are dated back to 2016, such as the issues affecting Apple (CVE-2016-4655, CVE-2016-4656, CVE-2016-4657), Microsoft (CVE-2016-0162, CVE-2016-3351, CVE-2016-3298) and Cisco Devices (CVE-2016-6366, CVE-2016-6367).

Other issues impact Google, Mozilla, Facebook, Adobe, and Webkit GTK software products, the vulnerabilities range from 2018 to 2021.

Some of the issues have to be addressed by federal agencies by June 13, 2022, while the others need to be fixed by June 14, 2022.

This post is licensed under CC BY 4.0 by the author.