CISA cataloga dos vulnerabilidades activamente explotadas en la naturaleza

Descripción

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2024-1708 ConnectWise ScreenConnect Path Traversal Vulnerability CVE-2026-32202 Microsoft Windows Protection Mechanism Failure Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.  Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian

CVEs mencionados

• CVE-2024-1708
• CVE-2026-32202

Fuente oficial

Alerta publicada por CISA / US-CERT. Consulta el advisory completo para detalles técnicos, indicadores de compromiso y mitigaciones específicas.