好的,我现在需要帮用户总结一篇文章,控制在100字以内。用户的要求是直接写文章描述,不需要特定的开头。 首先,我仔细阅读了文章内容。文章主要讲的是美国网络安全和基础设施安全局(CISA)将六个软件产品的漏洞加入其已知被利用的漏洞目录。这些漏洞包括思科催化剂、Kentico Xperience、PaperCut NG/MF、Synacor ZCS、Quest KACE SMA和JetBrains TeamCity的多个CVE编号。 接下来,我注意到这些漏洞中有一些已经被实际攻击中利用,比如CVE-2023-27351被Clop和LockBit勒索软件使用。此外,还有一些漏洞虽然尚未被广泛利用,但存在被攻击者快速武器化的风险。 文章还提到CISA要求联邦机构在特定日期前修复这些漏洞,其中思科和Synacor的漏洞需要在2026年4月23日前解决,其他则在5月4日前。 现在,我需要将这些信息浓缩到100字以内。重点包括:CISA添加了哪些漏洞到目录中,这些漏洞涉及哪些产品,它们已经被或可能被利用的情况,以及修复的时间要求。 最后,确保语言简洁明了,直接描述内容,不使用任何开头模板。 </think> 美国网络安全机构CISA将思科催化剂、Kentico Xperience等六款软件产品的多个漏洞加入已知被利用的漏洞目录,并要求联邦机构在2026年4月或5月前修复这些高风险漏洞。 2026-4-21 09:21:2 Author: securityaffairs.com(查看原文) 阅读量:24 收藏
U.S. CISA adds Cisco Catalyst, Kentico Xperience, PaperCut NG/MF, Synacor ZCS, Quest KACE SMA, and JetBrains TeamCity flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco Catalyst, Kentico Xperience, PaperCut NG/MF, Synacor ZCS, Quest KACE SMA, and JetBrains TeamCity flaws to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Cisco Catalyst, Kentico Xperience, PaperCut NG/MF, Synacor ZCS, Quest KACE SMA, and JetBrains TeamCity flaws to its Known Exploited Vulnerabilities (KEV) catalog.
Below are the flaws added to the catalog:
- CVE-2026-20133 Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
- CVE-2023-27351 PaperCut NG/MF Improper Authentication Vulnerability
- CVE-2024-27199 JetBrains TeamCity Relative Path Traversal Vulnerability
- CVE-2025-2749 Kentico Xperience Path Traversal Vulnerability
- CVE-2025-32975 Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability
- CVE-2025-48700 Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability
- CVE-2026-20122 Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability
- CVE-2026-20128 Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability
Several of the listed vulnerabilities are not just theoretical weaknesses but have been actively exploited in real-world attacks, often becoming entry points for ransomware operators and state-linked actors.
The CVE-2023-27351 flaw in PaperCut NG/MF is a clear example. It was widely abused in 2023 by ransomware groups such as the Clop ransomware group and LockBit, which leveraged the improper authentication issue to gain unauthenticated access to servers, deploy payloads, and move laterally within networks.
Similarly, CVE-2024-27199 affecting JetBrains TeamCity was rapidly weaponized after disclosure. Threat actors exploited the path traversal flaw to access sensitive configuration files, extract credentials, and in some cases deploy backdoors on build servers, critical assets in software supply chains.
The CVE-2025-32975 in Quest KACE Systems Management Appliance has also been observed in opportunistic attacks, where attackers bypass authentication to gain administrative access, enabling device management abuse and potential malware deployment across managed endpoints.
On the email front, CVE-2025-48700 impacting Zimbra Collaboration Suite has been linked to exploitation campaigns delivering malicious scripts via cross-site scripting, often used to hijack sessions or steal credentials in targeted attacks.
For the more recent Cisco issues, CVE-2026-20133, CVE-2026-20122, and CVE-2026-20128 affecting Cisco Catalyst SD-WAN Manager, public reporting so far indicates a high risk of exploitation, especially given the platform’s role in managing enterprise networks. While large-scale campaigns have not been as widely documented yet, similar Cisco management-plane flaws have historically been quickly adopted by threat actors once proof-of-concept exploits emerge.
Finally, CVE-2025-2749 in Kentico Xperience represents a classic path traversal issue. Although public evidence of widespread exploitation is still limited, such flaws are routinely abused in web attacks to access sensitive files, and they tend to be incorporated into automated scanning and exploitation frameworks shortly after disclosure.
Overall, the pattern is consistent: vulnerabilities enabling unauthenticated access, path traversal, or credential exposure are quickly operationalized. Attackers exploit them for initial access, privilege escalation, and persistence, often within days of public disclosure, highlighting the need for rapid patching and continuous monitoring.
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.
CISA orders federal agencies to fix the vulnerabilities by May 4, 2026, except Cisco Catalyst and Synacor Zimbra Collaboration Suite (ZCS) flaws, which must be addressed by April 23, 2026.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, CISA)
如有侵权请联系:admin#unsafe.sh