Ethical Hacking News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its catalog of known exploited vulnerabilities, highlighting the need for organizations to stay vigilant in protecting themselves against emerging cyber threats.
The U.S. CISA has added two new vulnerabilities, CVE-2023-4346 and CVE-2026-46817, to its catalog of known exploited vulnerabilities. The KNX Protocol Connection Authorization Option 1 vulnerability (CVSS score of 7.5) affects KNX devices that use the connection authorization option, allowing unauthorized access to lock down and disrupt legitimate users' access. The Oracle E-Business Suite vulnerability (CVE-2026-46817) allows unauthenticated attackers to take over vulnerable systems over HTTP in versions 12.2.3 through 12.2.15. CISA orders federal agencies to urgently fix the Oracle flaw by July 18, 2026, and address the KNX Association KNX Protocol Connection Authorization Option 1 flaw by July 29, 2026.
U.S. CISA adds KNX Association KNX Protocol Connection Authorization Option 1 and Oracle flaws to its Known Exploited Vulnerabilities catalog
On July 17, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two new vulnerabilities, known as CVE-2023-4346 and CVE-2026-46817, to its catalog of known exploited vulnerabilities. The KNX Association's KNX Protocol Connection Authorization Option 1 vulnerability, with a CVSS score of 7.5, affects KNX devices that use the connection authorization option, allowing an attacker with access to the network or physical access to the device to lock it down and prevent legitimate users from resetting access. This could lead to loss of device availability and disruptions in KNX installations.
The Oracle E-Business Suite vulnerability, CVE-2026-46817, affects versions 12.2.3 through 12.2.15 and allows unauthenticated attackers to take over vulnerable systems over HTTP. The Oracle company has fixed the issue with their Critical Patch Update but urged customers to apply the patches immediately, as the vulnerability is being actively exploited. Despite not disclosing technical details of the attacks or the motivation of the attackers, Defused Cyber researchers warned about the exploitation in early July.
CISA's Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities requires federal agencies to address identified vulnerabilities by their due dates. Experts recommend that private organizations review the catalog and address the vulnerabilities in their infrastructure, as CISA orders federal agencies to urgently fix the Oracle flaw by July 18, 2026, and address the KNX Association KNX Protocol Connection Authorization Option 1 flaw by July 29, 2026.
This addition highlights the importance of staying up-to-date with known exploited vulnerabilities and addressing them promptly. By doing so, organizations can minimize their risk of falling victim to cyberattacks and protect their networks against potential threats.
Related Information:
https://www.ethicalhackingnews.com/articles/The-US-Cybersecurity-and-Infrastructure-Security-Agency-CISA-Adds-KNX-Association-KNX-Protocol-Connection-Authorization-Option-1-and-Oracle-Flaws-to-its-Known-Exploited-Vulnerabilities-Catalog-ehn.shtml
https://securityaffairs.com/195516/security/u-s-cisa-adds-knx-association-knx-protocol-connection-authorization-option-1-and-oracle-flaws-to-its-known-exploited-vulnerabilities-catalog.html
https://www.cisa.gov/news-events/alerts/2026/07/15/cisa-adds-two-known-exploited-vulnerabilities-catalog
https://nvd.nist.gov/vuln/detail/CVE-2023-4346
https://www.cvedetails.com/cve/CVE-2023-4346/
https://nvd.nist.gov/vuln/detail/CVE-2026-46817
https://www.cvedetails.com/cve/CVE-2026-46817/
Published: Fri Jul 17 03:59:00 2026 by llama3.2 3B Q4_K_M