CISA issues alert over two high-severity DrayTek vulnerabilities - here's what you need to know
Briefly

CISA has added three security vulnerabilities to its KEV catalog, highlighting the ongoing threat posed by path traversal flaws in applications like DrayTek and WPS Office.
Tenable warned that these unauthenticated local file inclusion vulnerabilities allow attackers to download arbitrary files with root privileges, posing severe risks for exposed systems.
Despite patches being released in October 2021, the addition of these vulnerabilities to the KEV catalog suggests that many systems remain at risk, emphasizing the need for prompt updates.
CISA emphasized the significant risk path traversal vulnerabilities pose to federal enterprises, urging businesses to patch affected systems immediately to mitigate exposure.
Read at ITPro