US government agencies told to patch these critical security flaws or face attack

zeeforce
3 Min Read




  • CISA adds CVE-2023-28461 to its Known Exploited Vulnerabilities catalog
  • Federal agencies have until December 16 to patch up
  • The bug is being abused by a Chinese group known as Earth Kasha

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a new critical vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning federal agencies they have a three-week deadline to apply the available patch, or stop using the affected software altogether.

The agency added a missing authentication vulnerability to KEV tracked under CVE-2023-28461, which has a severity score of 9.8, and allows crooks to execute arbitrary code on remote devices.



Source link

Share This Article
Leave a comment
Optimized by Optimole
Verified by MonsterInsights