"CISA Lists 300 Exploited Vulnerabilities That Organizations Need to Patch"

The US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) issued a Binding Operational Directive (BOD), giving federal civilian agencies six months to patch nearly 300 vulnerabilities known to have been exploited in the wild. The list of known exploited vulnerabilities includes those discovered in products from SonicWall, Sophos, Sumavision, Symantec, TeamViewer, Telerik, Tenda, ThinkPHP, Trend Micro, TVT, Unraid, vBulletin, VMware, WordPress, Yealink, Zoho (ManageEngine), ZyXEL, Accellion, Adobe, Apple, Apache, Android, Arcadyan, Arm, Atlassian, BQE, Cisco, Citrix, D-Link, DNN, Docker, and more. CISA's list specifies that security bugs identified this year must be fixed by November 17, 2021, while the patching deadline for other vulnerabilities is May 3, 2022. While the BOD only requires federal civilian agencies to address the security flaws, CISA urges private companies and other government organizations to remediate the vulnerabilities. This article continues to discuss the catalog of 300 known exploited vulnerabilities provided by CISA and the BOD issued that instructs government agencies to patch those security flaws.

Security Week reports "CISA Lists 300 Exploited Vulnerabilities That Organizations Need to Patch"