The Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation have jointly released a Secure by Design Alert titled “Eliminating Directory Traversal Vulnerabilities in Software.”
CISA said Thursday that the alert seeks to draw attention to recent threat actor campaigns exploiting directory traversal vulnerabilities, which have affected critical infrastructure such as public health and healthcare, and to continuing exploits that have affected various critical services.
The agency notes that exploits persist despite the availability of mitigation methods. Its catalog also lists 55 known traversal vulnerabilities.
Software developers are encouraged to test their products to determine whether they are susceptible to these vulnerabilities.