CISA, FBI Issue Joint Alert to Address Directory Traversal Vulnerabilities

The Cybersecurity and Infrastructure Security Agency and the FBI have issued the Eliminating Directory Traversal Vulnerabilities in Software Secure by Design alert.

The move follows recent cyberattacks, including the ones on ConnectWise and Cisco’s applications, that exploited companies’ traversal vulnerabilities, compromising critical infrastructure such as health care institutions and disrupting critical services such as hospital and school operations, CISA said.

The alert emphasized the ongoing threat posed by directory traversal vulnerabilities, highlighting the presence of 55 such vulnerabilities in CISA’s Known Exploited Vulnerabilities catalog.

CISA and FBI recommend that software manufacturers implement formal testing procedures to identify defects within their products and to visit CISA’s Secure by Design resources on best practices and strategies.