

CISA Adds Cacti Vulnerability to Known Exploited Vulnerabilities Catalog


The Cybersecurity and Infrastructure Security Agency has added a cyber vulnerability to its Known Exploited Vulnerabilities Catalog.

The Cacti Command Injection Vulnerability allows unauthenticated users to execute arbitrary code on a server that runs the Cacti open-source platform. Specifically, it allows hackers to retrieve the client’s internet protocol address by bypassing authentication processes.

The vulnerability is often used by malicious actors and could cause significant harm to federal agencies, CISA said Thursday.

Organizations have until March 9 to fix the vulnerability.

The Known Exploited Vulnerabilities Catalog was established through CISA’s Binding Operational Directive 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities. Under BOD 22-01, all Federal Civilian Executive Branch agencies are required to address known vulnerabilities by the due date.

While BOD 22-01 is binding only on FCEB agencies, CISA urges all organizations to remediate vulnerabilities to reduce their exposure to cyberattacks.


Category: Cybersecurity