October 2, 2023

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2023-38180 Microsoft .NET Core and Visual Studio Denial of Service Vulnerability. An unspecified vulnerability that allows for denial of service.
  • CVE-2017-18368 Zyxel P660HN-T1A Routers Command Injection Vulnerability. Zyxel P660HN-T1A routers contain a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user and exploited via the remote_host parameter of the ViewLog.asp page.

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Advertisements

The remediation timeline for these vulnerabilities set as August 28 & 30 2023 respectively.

BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats

Tags:

Leave a Reply

You may have missed

McLaren Healthcare suffers a Ransomware Incident

October 2, 2023

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – September, 2023

October 2, 2023

TheCyberThrone Security Week In Review – September 30, 2023

October 1, 2023

Mozilla fixes CVE-2023-5217 Vulnerability in its Products

September 30, 2023

CISA KEV Update Part III – September 2023

September 30, 2023

Exim Mail Transfer Server Vulnerabilities

September 30, 2023
%d bloggers like this: