CISA Known Exploited Vulnerabilities Catalog
7.2
CVE-2024-8190 - Ivanti Cloud Services Appliance OS Command Injection Vulnerability -
Action Due Oct 04, 2024 ( 17 days left ) Target Vendor : Ivanti
Description : Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.
Action : As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive future security updates.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190; https://nvd.nist.gov/vuln/detail/CVE-2024-8190
7.3
CVE-2024-38226 - Microsoft Publisher Security Feature Bypass Vulnerability -
Action Due Oct 01, 2024 ( 14 days left ) Target Vendor : Microsoft
Description : Microsoft Publisher contains a security feature bypass vulnerability that allows attacker to bypass Office macro policies used to block untrusted or malicious files.
Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38226; https://nvd.nist.gov/vuln/detail/CVE-2024-38226
9.8
CVE-2024-43491 - Microsoft Windows Update Remote Code Execution Vulnerability -
Action Due Oct 01, 2024 ( 14 days left ) Target Vendor : Microsoft
Description : Microsoft Windows Update contains an unspecified vulnerability that allows for remote code execution.
Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43491; https://nvd.nist.gov/vuln/detail/CVE-2024-43491
7.8
CVE-2024-38014 - Microsoft Windows Installer Privilege Escalation Vulnerability -
Action Due Oct 01, 2024 ( 14 days left ) Target Vendor : Microsoft
Description : Microsoft Windows Installer contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges.
Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38014; https://nvd.nist.gov/vuln/detail/CVE-2024-38014
5.4
CVE-2024-38217 - Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability -
Action Due Oct 01, 2024 ( 14 days left ) Target Vendor : Microsoft
Description : Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability that allows an attacker to bypass MOTW-based defenses. This can result in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.
Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38217; https://nvd.nist.gov/vuln/detail/CVE-2024-38217
8.4
CVE-2016-3714 - ImageMagick Improper Input Validation Vulnerability -
Action Due Sep 30, 2024 ( 13 days left ) Target Vendor : ImageMagick
Description : ImageMagick contains an improper input validation vulnerability that affects the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders. This allows a remote attacker to execute arbitrary code via shell metacharacters in a crafted image.
Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588#p132726, https://imagemagick.org/archive/releases/; https://nvd.nist.gov/vuln/detail/CVE-2016-3714
7.8
CVE-2017-1000253 - Linux Kernel PIE Stack Buffer Corruption Vulnerability -
Action Due Sep 30, 2024 ( 13 days left ) Target Vendor : Linux
Description : Linux kernel contains a position-independent executable (PIE) stack buffer corruption vulnerability in load_elf_ binary() that allows a local attacker to escalate privileges.
Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Known
Notes : This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a87938b2e246b81b4fb713edb371a9fa3c5c3c86; https://nvd.nist.gov/vuln/detail/CVE-2017-1000253
9.8
CVE-2024-40766 - SonicWall SonicOS Improper Access Control Vulnerability -
Action Due Sep 30, 2024 ( 13 days left ) Target Vendor : SonicWall
Description : SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash.
Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015; https://nvd.nist.gov/vuln/detail/CVE-2024-40766
7.5
CVE-2021-20123 - Draytek VigorConnect Path Traversal Vulnerability -
Action Due Sep 24, 2024 ( 7 days left ) Target Vendor : DrayTek
Description : Draytek VigorConnect contains a path traversal vulnerability in the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.
Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://www.draytek.com/about/security-advisory/vigorconnect-software-security-vulnerability-(cve-2021-20123-cve-2021-20129)
7.5
CVE-2021-20124 - Draytek VigorConnect Path Traversal Vulnerability -
Action Due Sep 24, 2024 ( 7 days left ) Target Vendor : DrayTek
Description : Draytek VigorConnect contains a path traversal vulnerability in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.
Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://www.draytek.com/about/security-advisory/vigorconnect-software-security-vulnerability-(cve-2021-20123-cve-2021-20129)
7.8
CVE-2024-7262 - Kingsoft WPS Office Path Traversal Vulnerability -
Action Due Sep 24, 2024 ( 7 days left ) Target Vendor : Kingsoft
Description : Kingsoft WPS Office contains a path traversal vulnerability in promecefpluginhost.exe on Windows that allows an attacker to load an arbitrary Windows library.
Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : While CISA cannot confirm the effectiveness of patches at this time, it is recommended that mitigations be applied per vendor instructions if available. If these instructions cannot be located or if mitigations are unavailable, discontinue the use of the product.
8.8
CVE-2024-7965 - Google Chromium V8 Inappropriate Implementation Vulnerability -
Action Due Sep 18, 2024 ( 1 days left ) Target Vendor : Google
Description : Google Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html
9.8
CVE-2024-38856 - Apache OFBiz Incorrect Authorization Vulnerability -
Action Due Sep 17, 2024 Target Vendor : Apache
Description : Apache OFBiz contains an incorrect authorization vulnerability that could allow remote code execution via a Groovy payload in the context of the OFBiz user process by an unauthenticated attacker.
Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://lists.apache.org/[email protected]:lte=1M:CVE-2024-38856
8.8
CVE-2024-7971 - Google Chromium V8 Type Confusion Vulnerability -
Action Due Sep 16, 2024 Target Vendor : Google
Description : Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html
7.2
CVE-2024-39717 - Versa Director Dangerous File Type Upload Vulnerability -
Action Due Sep 13, 2024 Target Vendor : Versa
Description : The Versa Director GUI contains an unrestricted upload of file with dangerous type vulnerability that allows administrators with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges to customize the user interface. The “Change Favicon” (Favorite Icon) enables the upload of a .png file, which can be exploited to upload a malicious file with a .png extension disguised as an image.
Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : Customers may download the update from the vendor at following link (note, a customer account is required): https://support.versa-networks.com/support/solutions/articles/23000026724-versa-director-ha-port-exploit-discovery-remediation
9.8
CVE-2021-33044 - Dahua IP Camera Authentication Bypass Vulnerability -
Action Due Sep 11, 2024 Target Vendor : Dahua
Description : Dahua IP cameras and related products contain an authentication bypass vulnerability when the NetKeyboard type argument is specified by the client during authentication.
Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://www.dahuasecurity.com/aboutUs/trustedCenter/details/582
9.8
CVE-2021-33045 - Dahua IP Camera Authentication Bypass Vulnerability -
Action Due Sep 11, 2024 Target Vendor : Dahua
Description : Dahua IP cameras and related products contain an authentication bypass vulnerability when the loopback device is specified by the client during authentication.
Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://www.dahuasecurity.com/aboutUs/trustedCenter/details/582
8.4
CVE-2022-0185 - Linux Kernel Heap-Based Buffer Overflow -
Action Due Sep 11, 2024 Target Vendor : Linux
Description : Linux kernel contains a heap-based buffer overflow vulnerability in the legacy_parse_param function in the Filesystem Context functionality. This allows an attacker to open a filesystem that does not support the Filesystem Context API and ultimately escalate privileges.
Action : Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=722d94847de2
7.2
CVE-2021-31196 - Microsoft Exchange Server Information Disclosure Vulnerability -
Action Due Sep 11, 2024 Target Vendor : Microsoft
Description : Microsoft Exchange Server contains an information disclosure vulnerability that allows for remote code execution.
Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2021-31196
9.8
CVE-2024-23897 - Jenkins Command Line Interface (CLI) Path Traversal Vulnerability -
Action Due Sep 09, 2024 Target Vendor : Jenkins
Description : Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to code execution.
Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314