CISA and the FBI have jointly released a Secure by Design Alert urging software manufacturers to address directory traversal vulnerabilities. The alert responds to recent threat actor campaigns that exploited these vulnerabilities and impacted critical infrastructure sectors such as Healthcare and Public Health. Although approaches to avoid these vulnerabilities are well known, threat actors continue to exploit them, disrupting essential services.

CISA and FBI urge manufacturers to eliminate directory traversal vulnerabilities

CISA has identified 55 directory traversal vulnerabilities in its Known Exploited Vulnerabilities catalog. The joint Alert encourages software manufacturers to conduct formal testing to assess whether their products are vulnerable, and it points to the recommended principles and best practices on CISA's Secure by Design page. The initiative aims to combat the continued exploitation of directory traversal vulnerabilities, which jeopardizes the functioning of critical services such as hospitals and schools.
https://www.cisa.gov/news-events/alerts/2024/05/02/cisa-and-fbi-release-secure-design-alert-urge-manufacturers-eliminate-directory-traversal