CISA Adds Microsoft Exchange and Cisco ASA Flaws to Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two significant vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to remediate them promptly. The agency cited Binding Operational Directive (BOD) 22-01, which requires that catalogued vulnerabilities be addressed by a set due date to protect networks from potential attacks.

The two vulnerabilities are:

  1. CVE-2020-3259 Cisco ASA and FTD Information Disclosure Vulnerability: an information disclosure flaw in the web services interface of Cisco ASA and FTD devices. Cisco addressed the bug in May 2020.
  2. CVE-2024-21410 Microsoft Exchange Server Privilege Escalation Vulnerability: this is a bypass vulnerability that allows an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution. This could lead to data exposure, a loss of system availability, or both. Microsoft advises that an attacker could target an NTLM client such as Outlook with an NTLM credential-leaking type vulnerability.

Leaked credentials could then be relayed against the Exchange server to gain privileges as the victim client and perform operations on the Exchange server on the victim's behalf.

According to the CISA catalog, federal agencies must fix these vulnerabilities by March 7, 2024. BOD 22-01 requires federal agencies to remediate the identified vulnerabilities by that due date to mitigate the risk of network attacks.
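As an added illustration (not from the article or from CISA), the following script shows how a defender can triage KEV catalog entries against a local unpatched-asset inventory and compute how many days remain before the BOD 22-01 due date. The catalog sample mirrors the field names of CISA's public KEV JSON feed; the host names, the unrelated third entry and its dates are constructed placeholders, and only the two CVE IDs and the March 7, 2024 due date come from the article.

```python
"""Triage CISA KEV entries against an unpatched-asset inventory (added example)."""
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# Only the fields used below are included; dateAdded values and the third
# entry are placeholders, not data from the article.
KEV_SAMPLE = json.dumps({
    "vulnerabilities": [
        {"cveID": "CVE-2024-21410", "vendorProject": "Microsoft",
         "product": "Exchange Server", "dateAdded": "2024-02-15", "dueDate": "2024-03-07"},
        {"cveID": "CVE-2020-3259", "vendorProject": "Cisco",
         "product": "ASA and FTD", "dateAdded": "2024-02-15", "dueDate": "2024-03-07"},
        {"cveID": "CVE-0000-0000", "vendorProject": "Example",
         "product": "Unrelated", "dateAdded": "2024-01-01", "dueDate": "2024-01-22"},
    ]
})

# Hypothetical scanner export: CVE ID -> hosts still missing the fix.
INVENTORY = {
    "CVE-2024-21410": ["exch02.corp.example", "exch01.corp.example"],
    "CVE-2020-3259": ["vpn-asa.corp.example"],
}


def triage(kev_json: str, inventory: dict, today_iso: str) -> list:
    """Return KEV entries that appear in the inventory, most urgent first.

    Each result lists the affected hosts and the days left until the
    BOD 22-01 due date; a negative value means the deadline has passed."""
    today = date.fromisoformat(today_iso)
    results = []
    for entry in json.loads(kev_json)["vulnerabilities"]:
        hosts = inventory.get(entry["cveID"])
        if not hosts:
            continue  # not exposed in this environment, nothing to schedule
        due = date.fromisoformat(entry["dueDate"])
        results.append({
            "cve": entry["cveID"],
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "hosts": sorted(hosts),
            "days_left": (due - today).days,
            "overdue": today > due,
        })
    results.sort(key=lambda r: r["days_left"])  # soonest (or most overdue) first
    return results


if __name__ == "__main__":
    for row in triage(KEV_SAMPLE, INVENTORY, "2024-02-20"):
        print(row)
```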

Security experts recommend that private organizations review the Catalog and address any vulnerabilities in their infrastructure to prevent potential threats.

Following the recent vulnerability exchange between the U.S. government and Microsoft, Binding Operational Directive (BOD) 22-01 was put into effect. It requires all federal agencies to remediate the vulnerabilities listed in the Known Exploited Vulnerabilities catalog by the set deadline. The catalog is regularly updated with vulnerabilities that are actively exploited in the wild and pose a significant risk to the network security of federal agencies.

Organizations that have not yet implemented the necessary fixes for these vulnerabilities are at risk of attack and should address them as soon as possible.

Pierluigi Paganini is the founder of Security Affairs.