CISA Known Exploited Vulnerabilities Catalog
7.5
CVE-2023-28432 - MinIO Information Disclosure Vulnerability -
Action Due May 12, 2023 Target Vendor : MinIO
Description : MinIO contains a vulnerability in a cluster deployment where MinIO returns all environment variables, which allows for information disclosure.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q
9.8
CVE-2023-27350 - PaperCut MF/NG Improper Access Control Vulnerability -
Action Due May 12, 2023 Target Vendor : PaperCut
Description : PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context of system.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://www.papercut.com/kb/Main/PO-1216-and-PO-1219
9.6
CVE-2023-2136 - Google Chrome Skia Integer Overflow Vulnerability -
Action Due May 12, 2023 Target Vendor : Google
Description : Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html
8.8
CVE-2017-6742 - Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability -
Action Due May 10, 2023 Target Vendor : Cisco
Description : The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp
7.8
CVE-2019-8526 - Apple macOS Use-After-Free Vulnerability -
Action Due May 08, 2023 Target Vendor : Apple
Description : Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://support.apple.com/en-us/HT209600
8.8
CVE-2023-2033 - Google Chromium V8 Type Confusion Vulnerability -
Action Due May 08, 2023 Target Vendor : Google
Description : Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html
7.8
CVE-2023-20963 - Android Framework Privilege Escalation Vulnerability -
Action Due May 04, 2023 Target Vendor : Android
Description : Android Framework contains an unspecified vulnerability that allows for privilege escalation after updating an app to a higher Target SDK with no additional execution privileges needed.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://source.android.com/docs/security/bulletin/2023-03-01
9.8
CVE-2023-29492 - Novi Survey Insecure Deserialization Vulnerability -
Action Due May 04, 2023 Target Vendor : Novi Survey
Description : Novi Survey contains an insecure deserialization vulnerability that allows remote attackers to execute code on the server in the context of the service account.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://novisurvey.net/blog/novi-survey-security-advisory-apr-2023.aspx
7.8
CVE-2023-28252 - Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability -
Action Due May 02, 2023 Target Vendor : Microsoft
Description : Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-28252
8.8
CVE-2023-28205 - Apple Multiple Products WebKit Use-After-Free Vulnerability -
Action Due May 01, 2023 Target Vendor : Apple
Description : Apple iOS, iPadOS, macOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://support.apple.com/en-us/HT213720,https://support.apple.com/en-us/HT213721,https://support.apple.com/en-us/HT213722,https://support.apple.com/en-us/HT213723
8.6
CVE-2023-28206 - Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability -
Action Due May 01, 2023 Target Vendor : Apple
Description : Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://support.apple.com/en-us/HT213720, https://support.apple.com/en-us/HT213721
8.1
CVE-2021-27876 - Veritas Backup Exec Agent File Access Vulnerability -
Action Due Apr 28, 2023 Target Vendor : Veritas
Description : Veritas Backup Exec (BE) Agent contains a file access vulnerability that could allow an attacker to specially craft input parameters on a data management protocol command to access files on the BE Agent machine.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://www.veritas.com/support/en_US/security/VTS21-001
9.8
CVE-2021-27877 - Veritas Backup Exec Agent Improper Authentication Vulnerability -
Action Due Apr 28, 2023 Target Vendor : Veritas
Description : Veritas Backup Exec (BE) Agent contains an improper authentication vulnerability that could allow an attacker unauthorized access to the BE Agent via SHA authentication scheme.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://www.veritas.com/support/en_US/security/VTS21-001
8.8
CVE-2021-27878 - Veritas Backup Exec Agent Command Execution Vulnerability -
Action Due Apr 28, 2023 Target Vendor : Veritas
Description : Veritas Backup Exec (BE) Agent contains a command execution vulnerability that could allow an attacker to use a data management protocol command to execute a command on the BE Agent machine.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://www.veritas.com/support/en_US/security/VTS21-001
7.8
CVE-2019-1388 - Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability -
Action Due Apr 28, 2023 Target Vendor : Microsoft
Description : Microsoft Windows Certificate Dialog contains a privilege escalation vulnerability, allowing attackers to run processes in an elevated context.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1388
3.3
CVE-2023-26083 - Arm Mali GPU Kernel Driver Information Disclosure Vulnerability -
Action Due Apr 28, 2023 Target Vendor : Arm
Description : Arm Mali GPU Kernel Driver contains an information disclosure vulnerability that allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
6.1
CVE-2022-27926 - Zimbra Collaboration (ZCS) Cross-Site Scripting (XSS) Vulnerability -
Action Due Apr 24, 2023 Target Vendor : Zimbra
Description : Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability by allowing an endpoint URL to accept parameters without sanitizing.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://wiki.zimbra.com/wiki/Security_Center
8.8
CVE-2013-3163 - Microsoft Internet Explorer Memory Corruption Vulnerability -
Action Due Apr 20, 2023 Target Vendor : Microsoft
Description : Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial of service via a crafted website.
Action : The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://learn.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055
9.8
CVE-2017-7494 - Samba Remote Code Execution Vulnerability -
Action Due Apr 20, 2023 Target Vendor : Samba
Description : Samba contains a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share and then cause the server to load and execute it.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://www.samba.org/samba/security/CVE-2017-7494.html
9.8
CVE-2022-42948 - Fortra Cobalt Strike User Interface Remote Code Execution Vulnerability -
Action Due Apr 20, 2023 Target Vendor : Fortra
Description : Fortra Cobalt Strike User Interface contains an unspecified vulnerability rooted in Java Swing that may allow remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-2/