Threat Overview
CISA has enhanced its Known Exploited Vulnerabilities Catalog by introducing a new nomination form, which may lead to increased exploitation of previously unknown vulnerabilities. This affects organizations that rely on the catalog for vulnerability management. The attack vector is likely to be remote code execution via unpatched vulnerabilities.
Key Intelligence Points
1. CISA has introduced a new nomination form for the Known Exploited Vulnerabilities Catalog.
2. The catalog now includes a broader range of vulnerabilities, increasing the risk of exploitation for organizations that rely on it for vulnerability management.
3. The attack vector is likely to be remote code execution via unpatched vulnerabilities, which can be exploited by threat actors.
4. Organizations should regularly review and update their vulnerability management practices to stay ahead of potential threats.
MITRE ATT&CK Techniques
T1210 - Exploitation of Remote Services
T1204 - User Execution
Mitigation & Detection
Organizations should regularly review and update their vulnerability management practices, including patching known vulnerabilities and implementing robust configuration settings.