The US CISA announced that it has added 15 vulnerabilities to its Known Exploited Vulnerabilities Catalog.
The newly added flaws one affecting SonicWall SonicOS and 14 impacting Microsoft Windows – are older issues, some of them having been patched for more than half a decade.
The SonicOS security hole CVE-2020-5135 can be exploited for DoS attacks and arbitrary code execution. The Windows flaws patched between 2016 and 2019 can all lead to privilege escalation.
CISA is asking federal agencies to address the newly flagged security defects by April 5, which is surprising, given that previously organizations were given half a year to resolve older flaws.
Although CISA created the Known Exploited Vulnerabilities Catalog to help federal agencies with their vulnerability management operations, all organizations are advised to review the list and address the identified flaws as soon as possible.