This week, CISA has recommended that patches should be applied for six vulnerabilities by July 28, 2022. All these CVEs are trending now, with one CVE having ransomware associations. Let us look at all the CVEs that need to be patched this week.
How Far Back Do They Go?
Three of the six KEVs were discovered in 2014 and classified as critical CVEs.
Which Vendors Are Affected?
Three prominent vendor products are affected by the vulnerabilities that need to be patched by July 28, 2022.
Severity Scores
Patching these vulnerabilities is of high priority, as most of them rank critical on the CVSS.
Software Weaknesses
The following CWEs have caused the six vulnerabilities that need to be patched this week.
Table: DHS CISA KEVs
CVE-2014-6271 is involved in 29 known exploits. Since hackers favor this considerably, the federal government has decreed that it must be prioritized and patched urgently. Similarly, several CVEs on the KEV list have been involved in many exploits. Organizations must be on the lookout for them and remediate them when patches are made available.
Keep watching this space for updates on CVE patch deadlines