The US Cybersecurity and Infrastructure Security Agency (CISA) has added 95 new bugs to its catalog of known exploited vulnerabilities, including several critical bugs in Cisco routers, Windows, Adobe Flash Player and other products.
The Windows vulnerability (CVE-2021-41379) was used in real attacks on customers in November last year. This privilege escalation vulnerability affects Windows 11 and earlier versions.
The flaws in Cisco routers received the maximum score of 10 on the CVSS scale. Exploiting them allows attackers to execute malicious code, elevate privileges, run arbitrary commands, disconnect the device from the network, bypass authentication and more. The flaws affect Cisco small business routers of the RV160, RV260, RV340 and RV345 series.
The CISA list matters to US federal government agencies because, under Binding Operational Directive (BOD) 22-01, employees are required to respond to CISA warnings about vulnerabilities within a specified time frame. In this case, the deadline for applying the vendors' updates is March, which shows how important it is to CISA that agencies respond quickly.