CISA Updates KEV Catalog With Five Security Flaws Actively Exploited in Cyber Attacks
In a move to bolster defenses against real-world threats, the Cybersecurity and Infrastructure Security Agency (CISA) has added five vulnerabilities with confirmed in-the-wild exploitation to its Known Exploited Vulnerabilities (KEV) Catalog.
Announced recently, the flaws span surveillance cameras, industrial controllers, and Apple devices. Federal agencies now face patching deadlines under Binding Operational Directive (BOD) 22-01, but CISA urges all organizations to remediate them promptly.
The KEV Catalog serves as a “living list” of Common Vulnerabilities and Exposures (CVEs) posing the greatest danger to the federal enterprise.
Established by BOD 22-01, it mandates that Federal Civilian Executive Branch (FCEB) agencies patch listed vulnerabilities by specified due dates, thereby shielding networks from nation-state hackers, ransomware groups, and other cyber threats.
While BOD 22-01 targets FCEB entities, CISA emphasizes that private sector firms, critical infrastructure operators, and enterprises worldwide should prioritize these flaws in their vulnerability management routines. Delaying patches leaves the door wide open to attacks that could lead to data breaches, operational disruptions, or worse.
Five Security Flaws Actively Exploited
CVE-2017-7921: Hikvision Multiple Products Improper Authentication Vulnerability
This flaw, first disclosed in 2017, affects a range of Hikvision IP cameras. A crafted HTTP request lets an unauthenticated attacker act with administrator privileges, including retrieving the device configuration and user list and pulling camera snapshots.
Exploited in the wild for years, it remains an easy foothold on any camera reachable from the internet. CVSS score: 9.8 (Critical). Hikvision released fixed firmware in 2017, but unpatched devices still linger in networks; affected cameras must be updated or isolated immediately.
CVE-2021-22681: Rockwell Multiple Products Insufficient Protected Credentials Vulnerability
Affecting Rockwell Automation's Logix controllers (ControlLogix, CompactLogix, GuardLogix and others) together with the Studio 5000 Logix Designer and RSLogix 5000 engineering software, this issue stems from a secret key, used to authenticate the engineering software to the controller, being insufficiently protected. An attacker who recovers the key can impersonate the engineering workstation, connect to the controller, and upload or modify its program and configuration.
OT environments are hit hard: controllers drive physical processes, so modified logic can sabotage them directly. CVSS: 10.0 (Critical). Rockwell's advisory prescribes a mix of updates and mitigations, such as network segmentation and restricting who can reach the controller's engineering interface; operators at federal facilities and elsewhere should apply it to secure PLCs and HMIs.
CVE-2021-30952: Apple Multiple Products Integer Overflow or Wraparound Vulnerability
An integer overflow in WebKit, Apple's browser engine, can be triggered by maliciously crafted web content and lead to arbitrary code execution in the browser process.
Safari on iOS, iPadOS, and macOS is affected. CVSS: 8.8 (High). Apple fixed it in iOS 15.2, iPadOS 15.2, macOS Monterey 12.1 and Safari 15.2 (December 2021). A browser bug like this is typically the first link in an exploit chain, so federal users still on older releases should update promptly.
CVE-2023-41974: Apple iOS and iPadOS Use-After-Free Vulnerability
A use-after-free bug in the kernel lets a malicious app, or attacker code that has already gained execution through a browser exploit, run with kernel privileges. It has been used in targeted attacks. CVSS: 7.8 (High). Apple patched it in iOS 17 and iPadOS 17 (September 2023); the earlier iOS 16.6.1 release addressed different flaws. Federal mobile fleets need rapid deployment to close the privilege-escalation half of a full-device compromise chain.
CVE-2023-43000: Apple Multiple Products Use-After-Free Vulnerability
Another memory-safety bug in WebKit, a use-after-free reachable from rigged web pages, leads to arbitrary code execution in the browser process rather than mere script injection. Affects Safari on iOS, iPadOS, and macOS. CVSS: 8.8 (High). Apple's fix ships in the iOS 17 / iPadOS 17 line; keeping endpoints on the current release is essential for federal fleets browsing the web.
These five illustrate three recurring attack vectors: an authentication bypass on an internet-exposed device for a foothold, a poorly protected secret in OT that lets an attacker impersonate trusted engineering software, and memory-safety bugs in a browser engine and a kernel that chain into full device compromise. CISA's standing note on KEV additions is that vulnerabilities of these types are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Federal Agencies Must Patch Now
BOD 22-01 isn't optional for FCEB agencies: each KEV entry carries a remediation due date set by CISA (commonly three weeks after addition for recently assigned CVEs), and agencies must report remediation status to CISA through the CDM dashboard. Non-compliance leaves systems open to exploitation CISA has already observed; Log4Shell (CVE-2021-44228) showed how quickly a listed flaw is weaponized at scale.
For all organizations, treat the KEV Catalog as your patch priority list: ingest its machine-readable JSON feed and match it against vulnerability scanner output (Nessus or similar), asset inventory, and your patch management platform, and feed the due dates into SIEM dashboards. Beyond patching, hunt for exposure with EDR, segment cameras and ICS gear away from the corporate network and the internet, and watch for indicators such as unauthenticated requests to Hikvision web interfaces, unexpected connections to Logix controllers, and Safari/WebKit or kernel crash logs on Apple endpoints.
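The KEV feed is a plain JSON document, so the integration step above can be a short script. The following is an added example, not code from the article, from CISA, or from any scanner vendor: it uses the real field names of the KEV JSON feed (cveID, vulnerabilityName, dueDate, knownRansomwareCampaignUse) and its real URL, but the catalog excerpt and scanner findings are constructed, and the dateAdded/dueDate values are placeholders rather than the dates CISA assigned to these entries.

```python
"""Match vulnerability scanner findings against the CISA KEV catalog.

Added example: not code from the article, from CISA, or from any scanner
vendor. The JSON field names are those of the real KEV feed, but
KEV_SAMPLE and SCANNER_FINDINGS are constructed inputs, and the
dateAdded/dueDate values are placeholders rather than the dates CISA
assigned to these entries.
"""
import json
import urllib.request
from datetime import date

# Real feed URL. fetch_kev() is here for live use; nothing below calls it,
# so the example runs offline against the constructed excerpt.
KEV_URL = ("https://www.cisa.gov/sites/default/files/feeds/"
           "known_exploited_vulnerabilities.json")

# Constructed excerpt in the shape of the feed (dates are placeholders).
KEV_SAMPLE = """{
  "catalogVersion": "example",
  "vulnerabilities": [
    {"cveID": "CVE-2017-7921", "vendorProject": "Hikvision", "product": "Multiple Products",
     "vulnerabilityName": "Hikvision Multiple Products Improper Authentication Vulnerability",
     "dateAdded": "2025-01-01", "dueDate": "2025-02-01", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2021-22681", "vendorProject": "Rockwell Automation", "product": "Multiple Products",
     "vulnerabilityName": "Rockwell Multiple Products Insufficient Protected Credentials Vulnerability",
     "dateAdded": "2025-01-01", "dueDate": "2025-01-22", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2021-30952", "vendorProject": "Apple", "product": "Multiple Products",
     "vulnerabilityName": "Apple Multiple Products Integer Overflow or Wraparound Vulnerability",
     "dateAdded": "2024-12-15", "dueDate": "2025-01-05", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2023-41974", "vendorProject": "Apple", "product": "iOS and iPadOS",
     "vulnerabilityName": "Apple iOS and iPadOS Use-After-Free Vulnerability",
     "dateAdded": "2025-01-01", "dueDate": "2025-01-22", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2023-43000", "vendorProject": "Apple", "product": "Multiple Products",
     "vulnerabilityName": "Apple Multiple Products Use-After-Free Vulnerability",
     "dateAdded": "2025-01-01", "dueDate": "2025-01-22", "knownRansomwareCampaignUse": "Unknown"}
  ]
}"""

# Constructed scanner export, as a scanner's CSV would look once parsed into
# dicts. Hostnames are invented.
SCANNER_FINDINGS = [
    {"host": "cam-lobby-01", "cve": "CVE-2017-7921"},
    {"host": "plc-line-3",   "cve": "CVE-2021-22681"},
    {"host": "hmi-line-3",   "cve": "cve-2021-30952"},   # lower-case on purpose
    {"host": "mbp-jdoe",     "cve": "CVE-2023-43000"},
    {"host": "web-01",       "cve": "CVE-2021-44228"},   # not in the excerpt above
]


def fetch_kev(url=KEV_URL):
    """Download the live catalog (not called here; keeps the example offline)."""
    with urllib.request.urlopen(url, timeout=30) as resp:
        return resp.read().decode("utf-8")


def load_kev(raw_json):
    """Index the catalog by upper-cased CVE ID so scanner casing does not matter."""
    data = json.loads(raw_json)
    return {v["cveID"].upper(): v for v in data["vulnerabilities"]}


def prioritize(findings, kev, today):
    """Keep only KEV-listed findings; sort by due date, then host."""
    hits = []
    for f in findings:
        entry = kev.get(f["cve"].strip().upper())
        if entry is None:
            continue  # not known-exploited: stays in the normal patch queue
        due = date.fromisoformat(entry["dueDate"])
        hits.append({
            "host": f["host"],
            "cve": entry["cveID"],
            "name": entry["vulnerabilityName"],
            "due": due,
            "days_left": (due - today).days,  # negative means overdue
            "ransomware": entry.get("knownRansomwareCampaignUse", "Unknown"),
        })
    hits.sort(key=lambda h: (h["due"], h["host"]))
    return hits


def report(hits):
    """Render one line per finding, flagging overdue items."""
    lines = []
    for h in hits:
        status = "OVERDUE" if h["days_left"] < 0 else f"{h['days_left']}d left"
        lines.append(f"{h['host']:<14} {h['cve']:<15} due {h['due']} ({status})  {h['name']}")
    return "\n".join(lines)


if __name__ == "__main__":
    catalog = load_kev(KEV_SAMPLE)  # swap in fetch_kev() for the live feed
    print(report(prioritize(SCANNER_FINDINGS, catalog, date.today())))
```

Findings whose CVE is not in the catalog are deliberately dropped from this report rather than scored lower: the point of KEV is that listed entries jump the queue regardless of CVSS, and the same JSON is what a SIEM or ticketing integration would key on. Replace load_kev(KEV_SAMPLE) with load_kev(fetch_kev()) to run against the live feed.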
Site: cybersecuritypath.com