Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 











Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Comment: CISA adds high-severity flaw in Adobe Acrobat Reader to KEV catalogue

October 2023 by Sylvain Cortes, VP Strategy at Hackuity

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on
Tuesday added a high-severity flaw in Adobe Acrobat Reader to its
Known Exploited Vulnerabilities (KEV) catalogue, showing evidence of
active exploitation.

Tracked as CVE-2023-21608 [3] (CVSS score: 7.8), the vulnerability has
been described as a use-after-free bug that can be exploited to achieve
remote code execution (RCE) with the privileges of the current user.

Sylvain Cortes, VP Strategy, Hackuity points out "The real question
is: Why does CVSS frequently show the same low-severity score for so
long? Simple: the CVSS score relates to the vulnerability itself and
does not account for how often the vulnerability is being exploited.
Severity is intrinsic to a vulnerability, and most organisations use the
CVSS score to gauge severity. But that severity does not take into
account each organisation’s specific context.

CISA is correct to designate CVE-2023-21608 as a high-severity flaw.
This shouldn’t be news, however, to those impacted organisations who are
already looking beyond raw CVSS to factor in the Exploitability, Exploit
Maturity, and Threat Intensity of a given vulnerability. This
continuous, automated process is critical to understanding — and
remediating — the true risk to their specific attack surface."


See previous articles

    

See next articles













Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts