CISA Adds One Known Exploited Vulnerability to Catalog for Versa Networks Director

CISA Adds One Known Exploited Vulnerability to Catalog for Versa Networks Director

https://www.cisa.gov/cybersecurity-advisories/alerts.xml / Sat, 08/24/2024 - 06:50

<p>CISA has added one new vulnerability to its&nbsp;<a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog&quot; title="Known Exploited Vulnerabilities Catalog">Known Exploited Vulnerabilities Catalog</a>, based on evidence of active exploitation.</p>
<ul type="square">
<li><a href="https://www.cve.org/CVERecord?id=CVE-2024-39717&quot; target="_blank" title="https://www.cve.org/cverecord?id=cve-2024-39717">CVE-2024-39717</a&gt; Versa Director Dangerous File Type Upload Vulnerability</li>
</ul>
<p>These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.</p>
<p><a href="https://www.cisa.gov/binding-operational-directive-22-01&quot; title="Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities">Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities</a>&nbsp;established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the&nbsp;<a href="https://www.cisa.gov/sites/default/files/publications/Reducing_the_Sign…; title="BOD 22-01 Fact Sheet">BOD 22-01 Fact Sheet</a>&nbsp;for more information.</p>
<p>Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of&nbsp;<a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog&quot; title="Catalog vulnerabilities">Catalog vulnerabilities</a>&nbsp;as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the&nbsp;<a href="https://www.cisa.gov/known-exploited-vulnerabilities&quot; title="specified criteria">specified criteria</a>.</p>

About

Kenya Education Network CERT(KENET-CERT) is a Cybersecurity Emergency Response Team and Co-ordination Center operated by the National Research and Education Network of Kenya. KENET-CERT coordination center promotes awareness on cybersecurity incidences as well as coordinates and assists member institutions in responding effectively to cyber security threats and incidences. KENET-CERT works closely with Kenya's National CIRT coordination center (CIRT/CC) as a sector CIRT for the academic institutions. KENET promotes use of ICT in Teaching, Learning and Research in Higher Education Institutions in Kenya. KENET aims to interconnect all the Universities, Tertiary and Research Institutions in Kenya by setting up a cost effective and sustainable private network with high speed access to the global Internet. KENET also facilitates electronic communication among students and faculties in member institutions, share learning and teaching resources by collaboration in Research and Development of Educational content.