28. 03. 2024 Mirko Ioris SOCnews

SOC News | Mar 28 – New Vulnerabilities Added in KEV Catalog

On March 25, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The catalog is updated regularly and contains those vulnerabilities most likely to be used in attacks. Organizations should monitor and review it periodically, and prioritize their patching efforts based on it.

I’ll provide a summary of the most critical vulnerabilities here:

CVE Number	CVSS Score	EPSS Score	Product
CVE-2023-48788	9.8 (Critical)	Not available	Ivanti (EPM CSA)
CVE-2021-44529	9.8 (Critical)	96.89% (Critical)	Fortinet FortiClient
CVE-2019-7256	10.0 (Critical)	99.95%(Critical)	Linear eMerge E3-Series

Details of the vulnerabilities

The most dangerous one is the CVE-2019-7256, a critical command injection vulnerability found in Nice Linear devices five years ago. With it an attacker could potentially take complete control of the affected system by sending malicious code. If you’re using a Nice Linear eMerge E3-Series device you should update the firmware immediately.

Share on linkedin

Share on twitter

Share on facebook

Share on google

Share on tumblr

Mirko Ioris

Technical Consultant - Cyber Security Team | Würth Phoenix

Author

Mirko Ioris

Technical Consultant - Cyber Security Team | Würth Phoenix

Latest posts by Mirko Ioris

13. 09. 2025 Blue Team, SEC4U

A Practical Guide to Working with Windows Authentication Logs – Part 2

25. 06. 2025 Blue Team, SEC4U

A Practical Guide to Working with Windows Authentication Logs – Part 1

31. 07. 2024 SEC4U, SOCnews

July 19 – The Day Cyber Security Almost Caused a Global IT Blackout

30. 06. 2024 SOCnews

SOC News | June 30 – TeamViewer Victim of a Security Breach

24. 05. 2024 SOCnews

SOC News | May 24 – Patch This Veeam Critical Vulnerability Now

See All

Related Content

Tags: CVE, CVSS, EPSS, SOCnews, Vulnerabilities

25. 09. 2025 CTF Writeups, Development, Events

Preparing for WP CTF 2025

Summer is over, autumn is here – and so is the most anticipated event of the year for cybersecurity students: WP CTF 2025. Every year, the WP CTF draws cybersecurity students hungry to learn, compete, and put their skills to Read More

30. 06. 2024 SOCnews

SOC News | June 30 – TeamViewer Victim of a Security Breach

TeamViewer, the popular remote access software developed by the company of the same name, discovered an irregularity in its internal IT environment on 26 June. They disclosed the potential breach in a statement the following day, stating that they had Read More

24. 05. 2024 SOCnews

SOC News | May 24 – Patch This Veeam Critical Vulnerability Now

On May 21, Veeam published details about four different vulnerabilities detected in their product Veeam Backup Enterprise Manager (VBEM). One of them is critical and allows an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface Read More

16. 05. 2024 SOCnews

SOC News | May 16 – Highly sensitive SYNLAB data has been exposed on the Dark Web

SYNLAB, European leader in medical diagnostic services, was the victim of a cyber attack last April. The compromised infrastructure is the one that runs Italians clinics only, other countries were not affected. In early May, ransomware group BlackBasta claimed responsibility Read More

30. 04. 2024 SOCnews

SOC News | Apr 30 – New Cyber Attacker Groups Detected

During the last week of April, our Attacker Centric SOC detected multiple new cyber attacker group websites in the Dark Web. Called Dedicated Leak Sites (DLS), they are widely used by ransomware gangs to publish stolen confidential data when the victim Read More

Leave a Reply Cancel reply