CISA, FBI, NSA, and International Partners Release Joint Advisory on 2023 Top Routinely Exploited Vulnerabilities

https://www.cisa.gov/cybersecurity-advisories/alerts.xml / Tue, 11/12/2024 - 17:39

Today, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), National Security Agency (NSA), and international partners released joint Cybersecurity Advisory, 2023 Top Routinely Exploited Vulnerabilities.

This advisory supplies details on the top Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors and their associated Common Weakness Enumeration(s) (CWE) to help organizations better understand the impact of exploitation. International partners contributing to this advisory include:

Australian Signals Directorate’s Australian Cyber Security Centre
Canadian Centre for Cyber Security
New Zealand National Cyber Security Centre and New Zealand Computer Emergency Response Team
United Kingdom’s National Cyber Security Centre

The authoring agencies urge all organizations to review and implement the recommended mitigations detailed in this advisory. The advisory provides vendors, designers, and developers a guide for implementing secure by design and default principles and tactics to reduce the prevalence of vulnerabilities in their software and end-user organizations mitigations. Following this guidance will help reduce the risk of compromise by malicious cyber actors.

Vendors and developers are encouraged to take appropriate steps to provide products that protect their customers’ sensitive data. To learn more about secure by design principles and practices, visit CISA’s Secure by Design.

About

Kenya Education Network CERT(KENET-CERT) is a Cybersecurity Emergency Response Team and Co-ordination Center operated by the National Research and Education Network of Kenya. KENET-CERT coordination center promotes awareness on cybersecurity incidences as well as coordinates and assists member institutions in responding effectively to cyber security threats and incidences. KENET-CERT works closely with Kenya's National CIRT coordination center (CIRT/CC) as a sector CIRT for the academic institutions. KENET promotes use of ICT in Teaching, Learning and Research in Higher Education Institutions in Kenya. KENET aims to interconnect all the Universities, Tertiary and Research Institutions in Kenya by setting up a cost effective and sustainable private network with high speed access to the global Internet. KENET also facilitates electronic communication among students and faculties in member institutions, share learning and teaching resources by collaboration in Research and Development of Educational content.

CISA, FBI, NSA, and International Partners Release Joint Advisory on 2023 Top Routinely Exploited Vulnerabilities

Categories

Recent Posts

CVE-2025-14135 - Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 mod_form.so AP_get_wired_clientlist_setClientsName stack-based overflow

CVE-2025-14134 - Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 mod_form.so stack-based overflow

CVE-2025-13748 - Fluent Forms <= 6.1.7 - Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id

About