CISA adds Sophos Web Appliance bug to its Known Exploited Vulnerabilities catalog

Pierluigi Paganini November 17, 2023

US CISA added three new vulnerabilities (tracked as , , and ) to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA)  three new vulnerabilities to its .

Below is the list of the three added vulnerabilities:

  •  Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability
  • CVE-2023-1671 Sophos Web Appliance Command Injection Vulnerability. The CVE-2023-1671 flaw is a pre-auth command injection issue that resides in the warn-proceed handler, it affects appliances older than .
  •  Oracle Fusion Middleware Unspecified Vulnerability. The issue is a PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior to 2.1.1.

According to , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts recommend also private organizations review the  and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix these vulnerabilities by November 17, 2023.

Follow me on Twitter:  and  and Mastodon

(SecurityAffairs – hacking, CISA)



you might also like

leave a comment