The US Cybersecurity agency CISA added Sophos, Oracle, and Microsoft product flaws to its Known Exploited Vulnerabilities (KEV) sequence.
The Sophos flaw pointed out exploited attacks such as CVE-2023-1671 and critical Sophos Web Appliance vulnerabilities. An unauthenticated attacker can use these for arbitrary code execution.
CISA’s latest KEV list includes four other Sophos product vulnerabilities. The second vulnerability added to CISA’s KEV list is CVE-2020-2551, which is an Oracle WebLogic Server flaw. Unauthenticated attackers can exploit the flaw to take control of affected servers.
CVE-2020-2551 is one of the four vulnerabilities targeted for initial compromise by threat actors. Furthermore, CISA added CVE-2023-36584 vulnerability to its KEV catalog, allowing attackers to bypass the Mark of the Web (MotW) security feature in Windows.
Read More: CISA Warns of Attacks Exploiting Sophos Web Appliance Vulnerability
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
