CISA Adds Two Critical Vulnerabilities to Exploited Catalog

The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) Catalog with two newly identified vulnerabilities that pose significant risks to federal systems and beyond.

The additions, announced on December 16, 2024, highlight the ongoing efforts to mitigate cyber threats targeting critical infrastructure and organizational networks.

Details of the Newly Added Vulnerabilities

The two vulnerabilities added to the KEV Catalog are:

  • CVE-2024-20767: An improper access control vulnerability in Adobe ColdFusion. This flaw could allow attackers to bypass security measures and gain unauthorized access to sensitive systems.
  • CVE-2024-35250: A vulnerability in the Microsoft Windows Kernel-Mode Driver caused by an untrusted pointer dereference. This issue could enable attackers to execute malicious code or destabilize affected systems.

Both vulnerabilities have been actively exploited in the wild, making them high-priority targets for remediation.

These types of flaws are frequently leveraged by cybercriminals to infiltrate networks, steal data, or disrupt operations, posing serious risks to organizations that fail to address them promptly.

Federal Directive Mandates Swift Action

The inclusion of these vulnerabilities is part of CISA’s Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities.

This directive requires Federal Civilian Executive Branch (FCEB) agencies to remediate listed vulnerabilities by specific deadlines to protect their networks against active threats.

The KEV Catalog serves as a dynamic list of Common Vulnerabilities and Exposures (CVEs) that present significant risks.

While BOD 22-01 is mandatory for FCEB agencies, CISA strongly encourages all organizations—public and private—to adopt similar practices.

Timely remediation of these vulnerabilities is critical for reducing exposure to cyberattacks and ensuring robust cybersecurity defenses.

Call for Proactive Cybersecurity Measures

CISA’s announcement underscores the importance of proactive vulnerability management across all sectors.

Organizations are urged to prioritize patching systems affected by CVE-2024-20767 and CVE-2024-35250 as part of their broader cybersecurity strategies.
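The practical form of that prioritization is to cross-reference a vulnerability scanner's findings against the KEV feed and sort by CISA's due date. The following Python script is an added example, not code from the article or from CISA: it assumes the field names of CISA's published known_exploited_vulnerabilities.json feed (cveID, vendorProject, product, dueDate, knownRansomwareCampaignUse), but the feed snippet, the dueDate values and the host inventory below are constructed placeholders, not the official catalog entries or deadlines.

```python
"""Flag hosts whose scanner findings match KEV entries and rank them by due date.

Added example; not from the article or from CISA. The catalog snippet is
CONSTRUCTED in the shape of CISA's known_exploited_vulnerabilities.json feed.
The dueDate values and the host inventory are placeholders.
"""
import json
from datetime import date, datetime

# Constructed two-entry feed mirroring the field names of the published KEV JSON.
KEV_FEED_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "constructed-sample",
    "dateReleased": "2024-12-16",
    "count": 2,
    "vulnerabilities": [
        {
            "cveID": "CVE-2024-20767",
            "vendorProject": "Adobe",
            "product": "ColdFusion",
            "vulnerabilityName": "Adobe ColdFusion Improper Access Control Vulnerability",
            "dateAdded": "2024-12-16",
            "requiredAction": "Apply mitigations per vendor instructions.",
            "dueDate": "2025-01-06",  # placeholder, not the official deadline
            "knownRansomwareCampaignUse": "Unknown",
        },
        {
            "cveID": "CVE-2024-35250",
            "vendorProject": "Microsoft",
            "product": "Windows",
            "vulnerabilityName": "Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability",
            "dateAdded": "2024-12-16",
            "requiredAction": "Apply mitigations per vendor instructions.",
            "dueDate": "2025-01-06",  # placeholder, not the official deadline
            "knownRansomwareCampaignUse": "Unknown",
        },
    ],
})

# Constructed scanner export: one finding per (host, CVE). The last CVE ID is a
# deliberately invalid placeholder standing in for a finding that is NOT in KEV.
SCANNER_FINDINGS = [
    {"host": "cf-app-01", "cve": "CVE-2024-20767"},
    {"host": "win-ws-07", "cve": "CVE-2024-35250"},
    {"host": "win-ws-07", "cve": "CVE-0000-0000"},
    {"host": "cf-app-02", "cve": "CVE-2024-20767"},
]


def load_kev(feed_text: str) -> dict:
    """Parse a KEV-format JSON document and index its entries by CVE ID."""
    feed = json.loads(feed_text)
    return {entry["cveID"]: entry for entry in feed["vulnerabilities"]}


def _parse_date(text: str) -> date:
    return datetime.strptime(text, "%Y-%m-%d").date()


def prioritize(findings: list, kev: dict, today: date) -> list:
    """Return only the findings that appear in KEV, ordered by due date then host.

    Each result carries the days remaining until CISA's due date (negative when
    overdue) so a remediation queue can be built directly from it.
    """
    hits = []
    for finding in findings:
        entry = kev.get(finding["cve"])
        if entry is None:
            continue  # not in the catalog; handled by normal patch cadence
        due = _parse_date(entry["dueDate"])
        hits.append({
            "host": finding["host"],
            "cve": finding["cve"],
            "product": f"{entry['vendorProject']} {entry['product']}",
            "due_date": entry["dueDate"],
            "days_remaining": (due - today).days,
            "overdue": due < today,
            "ransomware_use": entry.get("knownRansomwareCampaignUse", "Unknown"),
        })
    hits.sort(key=lambda h: (h["due_date"], h["host"]))
    return hits


if __name__ == "__main__":
    kev = load_kev(KEV_FEED_SAMPLE)
    for hit in prioritize(SCANNER_FINDINGS, kev, date(2024, 12, 20)):
        flag = "OVERDUE" if hit["overdue"] else f"{hit['days_remaining']}d left"
        print(f"{hit['host']:10} {hit['cve']:15} {hit['product']:20} due {hit['due_date']} ({flag})")
```

In production the feed text would come from CISA's published JSON rather than the inline sample, and the findings from the scanner's export; the matching and ranking logic stays the same. Because `prioritize` takes `today` as a parameter, the same run can be replayed against a past date to audit whether a deadline was met.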

By addressing these vulnerabilities promptly, organizations can mitigate the potential for exploitation and minimize disruptions caused by cyber incidents.

CISA has reiterated its commitment to updating the KEV Catalog regularly as new threats emerge, providing a vital resource for organizations aiming to stay ahead of evolving cyber risks.

As cyberattacks grow increasingly sophisticated, collaboration between government agencies, private entities, and cybersecurity experts remains essential in safeguarding critical systems and data from malicious actors.
