CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software
Summary
CISA has added six known exploited vulnerabilities to its KEV catalog, including flaws in software from Fortinet, Microsoft, and Adobe. Inclusion in the catalog indicates active exploitation in the wild, so organizations should prioritize patching these vulnerabilities.
IFF Assessment
The addition of actively exploited vulnerabilities to CISA's KEV catalog is bad news for defenders, because it points to immediate threats that attackers are currently exploiting.
Severity
The CVSS score of 9.1 indicates critical severity, likely due to factors such as an easily exploitable attack vector (SQL injection) and a significant impact on system integrity and confidentiality.
Defender Context
Defenders should immediately investigate and patch the identified Fortinet, Microsoft, and Adobe vulnerabilities listed by CISA. Prioritizing these known exploited flaws is crucial to prevent successful attacks leveraging these specific weaknesses.