24. 04. 2024
SOCnews
On March 25, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The catalog is updated regularly and contains those vulnerabilities most likely to be used in attacks. Organizations should monitor and review it periodically, and prioritize their patching efforts based on it.
I’ll provide a summary of the most critical vulnerabilities here:
| CVE Number | CVSS Score | EPSS Score | Product |
| CVE-2023-48788 | 9.8 (Critical) | Not available | Ivanti (EPM CSA) |
| CVE-2021-44529 | 9.8 (Critical) | 96.89% (Critical) | Fortinet FortiClient |
| CVE-2019-7256 | 10.0 (Critical) | 99.95%(Critical) | Linear eMerge E3-Series |
The most dangerous one is the CVE-2019-7256, a critical command injection vulnerability found in Nice Linear devices five years ago. With it an attacker could potentially take complete control of the affected system by sending malicious code. If you’re using a Nice Linear eMerge E3-Series device you should update the firmware immediately.
Mirko Ioris
Technical Consultant - Cyber Security Team | Würth Phoenix
Author
