CISA Known Exploited Vulnerabilities Catalog
9.8
CVE-2022-26258 - D-Link DIR-820L Remote Code Execution Vulnerability -
Action Due Sep 29, 2022 Target Vendor : D-Link
Description : D-Link DIR-820L contains an unspecified vulnerability in Device Name parameter in /lan.asp which allows for remote code execution.
Action : The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10295
5.5
CVE-2020-9934 - Apple iOS, iPadOS, and macOS Input Validation Vulnerability -
Action Due Sep 29, 2022 Target Vendor : Apple
Description : Apple iOS, iPadOS, and macOS contain an unspecified vulnerability involving input validation which can allow a local attacker to view sensitive user information.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://support.apple.com/en-us/HT211288, https://support.apple.com/en-us/HT211289
9.8
CVE-2018-7445 - MikroTik RouterOS Stack-Based Buffer Overflow Vulnerability -
Action Due Sep 29, 2022 Target Vendor : MikroTik
Description : In MikroTik RouterOS, a stack-based buffer overflow occurs when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://www.coresecurity.com/core-labs/advisories/mikrotik-routeros-smb-buffer-overflow#vendor_update, https://mikrotik.com/download
9.8
CVE-2018-6530 - D-Link Multiple Routers OS Command Injection Vulnerability -
Action Due Sep 29, 2022 Target Vendor : D-Link
Description : Multiple D-Link routers contain an unspecified vulnerability that allows for execution of OS commands.
Action : The vendor D-Link published an advisory stating the fix under CVE-2018-20114 properly patches KEV entry CVE-2018-6530. If the device is still supported, apply updates per vendor instructions. If the affected device has since entered its end-of-life, it should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10105
9.8
CVE-2018-2628 - Oracle WebLogic Server Unspecified Vulnerability -
Action Due Sep 29, 2022 Target Vendor : Oracle
Description : Oracle WebLogic Server contains an unspecified vulnerability which can allow an unauthenticated attacker with T3 network access to compromise the server.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://www.oracle.com/security-alerts/cpuapr2018.html
4.3
CVE-2018-13374 - Fortinet FortiOS and FortiADC Improper Access Control Vulnerability -
Action Due Sep 29, 2022 Target Vendor : Fortinet
Description : Fortinet FortiOS and FortiADC contain an improper access control vulnerability that allows attackers to obtain the LDAP server login credentials configured in FortiGate by pointing a LDAP server connectivity test request to a rogue LDAP server.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://www.fortiguard.com/psirt/FG-IR-18-157
8.1
CVE-2017-5521 - NETGEAR Multiple Devices Exposure of Sensitive Information Vulnerability -
Action Due Sep 29, 2022 Target Vendor : NETGEAR
Description : Multiple NETGEAR devices are prone to admin password disclosure via simple crafted requests to the web management server.
Action : Apply updates per vendor instructions. If the affected device has since entered end-of-life, it should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability
6.8
CVE-2011-4723 - D-Link DIR-300 Router Cleartext Storage of a Password Vulnerability -
Action Due Sep 29, 2022 Target Vendor : D-Link
Description : The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information.
Action : The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://www.dlink.ru/mn/products/2/728.html
7.8
CVE-2011-1823 - Android OS Privilege Escalation Vulnerability -
Action Due Sep 29, 2022 Target Vendor : Android
Description : The vold volume manager daemon in Android kernel trusts messages from a PF_NETLINK socket, which allows an attacker to execute code and gain root privileges. This vulnerability is associated with GingerBreak and Exploit.AndroidOS.Lotoor.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://android.googlesource.com/platform/system/vold/+/c51920c82463b240e2be0430849837d6fdc5352e
9.8
CVE-2022-26352 - dotCMS Unrestricted Upload of File Vulnerability -
Action Due Sep 15, 2022 Target Vendor : dotCMS
Description : dotCMS ContentResource API contains an unrestricted upload of file with a dangerous type vulnerability that allows for directory traversal, in which the file is saved outside of the intended storage location. Exploitation allows for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://www.dotcms.com/security/SI-62
9.8
CVE-2022-24706 - Apache CouchDB Insecure Default Initialization of Resource Vulnerability -
Action Due Sep 15, 2022 Target Vendor : Apache
Description : Apache CouchDB contains an insecure default initialization of resource vulnerability which can allow an attacker to escalate to administrative privileges.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00
9.8
CVE-2022-24112 - Apache APISIX Authentication Bypass Vulnerability -
Action Due Sep 15, 2022 Target Vendor : Apache
Description : Apache APISIX contains an authentication bypass vulnerability that allows for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://lists.apache.org/thread/lcdqywz8zy94mdysk7p3gfdgn51jmt94
9.8
CVE-2022-22963 - VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability -
Action Due Sep 15, 2022 Target Vendor : VMware Tanzu
Description : When using routing functionality in VMware Tanzu's Spring Cloud Function, it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://tanzu.vmware.com/security/cve-2022-22963
8.8
CVE-2022-2294 - WebRTC Heap Buffer Overflow Vulnerability -
Action Due Sep 15, 2022 Target Vendor : WebRTC
Description : WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to perform shellcode execution. This vulnerability impacts web browsers using WebRTC including but not limited to Google Chrome.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://groups.google.com/g/discuss-webrtc/c/5KBtZx2gvcQ
9.8
CVE-2021-39226 - Grafana Authentication Bypass Vulnerability -
Action Due Sep 15, 2022 Target Vendor : Grafana Labs
Description : Grafana contains an authentication bypass vulnerability that allows authenticated and unauthenticated users to view and delete all snapshot data, potentially resulting in complete snapshot data loss.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://grafana.com/blog/2021/10/05/grafana-7.5.11-and-8.1.6-released-with-critical-security-fix/
7.8
CVE-2021-38406 - Delta Electronics DOPSoft 2 Improper Input Validation Vulnerability -
Action Due Sep 15, 2022 Target Vendor : Delta Electronics
Description : Delta Electronics DOPSoft 2 lacks proper validation of user-supplied data when parsing specific project files (improper input validation) resulting in an out-of-bounds write that allows for code execution.
Action : The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://www.cisa.gov/uscert/ics/advisories/icsa-21-252-02
7.5
CVE-2021-31010 - Apple iOS, macOS, watchOS Sandbox Bypass Vulnerability -
Action Due Sep 15, 2022 Target Vendor : Apple
Description : In affected versions of Apple iOS, macOS, and watchOS, a sandboxed process may be able to circumvent sandbox restrictions.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://support.apple.com/en-us/HT212804, https://support.apple.com/en-us/HT212805, https://support.apple.com/en-us/HT212806, https://support.apple.com/en-us/HT212807, https://support.apple.com/en-us/HT212824
7.5
CVE-2020-36193 - PEAR Archive_Tar Improper Link Resolution Vulnerability -
Action Due Sep 15, 2022 Target Vendor : PEAR
Description : PEAR Archive_Tar Tar.php allows write operations with directory traversal due to inadequate checking of symbolic links. PEAR stands for PHP Extension and Application Repository and it is an open-source framework and distribution system for reusable PHP components with known usage in third-party products such as Drupal Core and Red Hat Linux.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916, https://www.drupal.org/sa-core-2021-001, https://access.redhat.com/security/cve/cve-2020-36193
7.8
CVE-2020-28949 - PEAR Archive_Tar Deserialization of Untrusted Data Vulnerability -
Action Due Sep 15, 2022 Target Vendor : PEAR
Description : PEAR Archive_Tar allows an unserialization attack because phar: is blocked but PHAR: is not blocked. PEAR stands for PHP Extension and Application Repository and it is an open-source framework and distribution system for reusable PHP components with known usage in third-party products such as Drupal Core and Red Hat Linux.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://pear.php.net/bugs/bug.php?id=27002, https://www.drupal.org/sa-core-2020-013, https://access.redhat.com/security/cve/cve-2020-28949
8.6
CVE-2022-0028 - Palo Alto Networks PAN-OS Reflected Amplification Denial-of-Service Vulnerability -
Action Due Sep 12, 2022 Target Vendor : Palo Alto Networks
Description : A Palo Alto Networks PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://security.paloaltonetworks.com/CVE-2022-0028