My TechDecisions

IT Infrastructure, Network Security, News

CISA Adds 95 New Bugs To Database Of Known Exploited Vulnerabilities

Some security bugs recently added to CISA's catalog of known exploited vulnerabilities are more than a decade old.

Leave a Comment

CISA CPGs
Tada Images/ Stock.adobe.com

There are 95 new known exploited vulnerabilities that IT and security professionals should immediately investigate and mitigate, including several that date back at least a decade, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

The agency added the vulnerabilities to its catalog of known exploited vulnerabilities based on evidence of exploitation in the wild. The security bugs added this week are frequent attack vectors for threat actors and post significant risk to not only government networks, but the private sector as well.

With the new additions, CISA’s catalog now includes 478 vulnerabilities that have been exploited in the wild.

The newly added vulnerabilities include newly discovered bugs in Cisco Small Business RV Series routers and other switches, Cisco’s IOS software, Microsoft Excel, Exchange Server, Adobe Flash Player, Linux Kernel and many others.

All of CISA’s new known exploited vulnerabilities added are currently patchable by following vendor instructions, according to CISA’s database.

While most of the bugs recently added are relatively new, many are older, with some dating back nearly 20 years, including Windows privilege Escalation vulnerabilities from 2002 and 2004. According to CISA’s full list, there are 23 known exploited vulnerabilities that are at least a decade old.

The bugs range in severity, but many are rated as high or critical, so organizations should make sure their systems are patched, especially for the older vulnerabilities listed.

Government agencies are required to patch the majority of the newly listed vulnerabilities by March 24, but there is a shorter deadline of March 17 for 27 of the bugs, eight of which come with CVSS score of at least 9.8, so they should be prioritized.

Those bugs with a shorter deadline include the Cisco Small Business RV series vulnerabilities, Microsoft Windows Installer, Apache Tomacat, Treck TCP/IP stack, Exim, Microsoft Excel, Microsoft Exchange Server, ChakraCore scripting engine, Cisco IOS software and Cisco Catalyst 4500 and 45000-X series switches.

Click here for CISA’s full list of known exploited vulnerabilities. 

Reader Interactions

Leave a Reply

Your email address will not be published.

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Harnessing the Power of Digital Signage
Harnessing the Power of Digital Signage

Choosing the best solutions for messaging, branding, and communicating in today’s content-everywhere landscape

Blueprint Series Cover: What works for hybrid work
Blueprint Series: What Works for Hybrid Work

Download this free resource to learn about how IT leaders can effectively manage and implement a hybrid work model.

Guide to creating a ransomware response plan download
Blueprint Series: Creating a Ransomware Response Plan

Chances are ransomware hackers are researching your company right now. They’re investing time and money to choose the most profitable targets and a...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ