CISA Known Exploited Vulnerabilities (KEV)

  1. Home
  2. CISA KEV
For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.Y

    8.8

    HIGH
    CVE-2024-49039 - Microsoft Windows Task Scheduler Privilege Escalation Vulnerability -

    Action Due Dec 03, 2024 Target Vendor : Microsoft

    Description : Microsoft Windows Task Scheduler contains a privilege escalation vulnerability that can allow an attacker-provided, local application to escalate privileges outside of its AppContainer, and access privileged RPC functions.

    Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49039 ; https://nvd.nist.gov/vuln/detail/CVE-2024-49039

    Alert Date: Nov 12, 2024 | 295 days ago

    5.3

    MEDIUM
    CVE-2021-26086 - Atlassian Jira Server and Data Center Path Traversal Vulnerability -

    Action Due Dec 03, 2024 Target Vendor : Atlassian

    Description : Atlassian Jira Server and Data Center contain a path traversal vulnerability that allows a remote attacker to read particular files in the /WEB-INF/web.xml endpoint.

    Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://jira.atlassian.com/browse/JRASERVER-72695 ; https://nvd.nist.gov/vuln/detail/CVE-2021-26086

    Alert Date: Nov 12, 2024 | 295 days ago

    10.0

    CRITICAL
    CVE-2024-51567 - CyberPanel Incorrect Default Permissions Vulnerability -

    Action Due Nov 28, 2024 Target Vendor : CyberPersons

    Description : CyberPanel contains an incorrect default permissions vulnerability that allows a remote, unauthenticated attacker to execute commands as root.

    Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://cyberpanel.net/blog/detials-and-fix-of-recent-security-issue-and-patch-of-cyberpanel ; https://nvd.nist.gov/vuln/detail/CVE-2024-51567

    Alert Date: Nov 07, 2024 | 300 days ago

    7.8

    HIGH
    CVE-2024-43093 - Android Framework Privilege Escalation Vulnerability -

    Action Due Nov 28, 2024 Target Vendor : Android

    Description : Android Framework contains an unspecified vulnerability that allows for privilege escalation.

    Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://source.android.com/docs/security/bulletin/2024-11-01 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43093

    Alert Date: Nov 07, 2024 | 300 days ago

    9.8

    CRITICAL
    CVE-2024-5910 - Palo Alto Networks Expedition Missing Authentication Vulnerability -

    Action Due Nov 28, 2024 Target Vendor : Palo Alto Networks

    Description : Palo Alto Networks Expedition contains a missing authentication vulnerability that allows an attacker with network access to takeover an Expedition admin account and potentially access configuration secrets, credentials, and other data.

    Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://security.paloaltonetworks.com/CVE-2024-5910 ; https://nvd.nist.gov/vuln/detail/CVE-2024-5910

    Alert Date: Nov 07, 2024 | 300 days ago

    9.8

    CRITICAL
    CVE-2019-16278 - Nostromo nhttpd Directory Traversal Vulnerability -

    Action Due Nov 28, 2024 Target Vendor : Nostromo

    Description : Nostromo nhttpd contains a directory traversal vulnerability in the http_verify() function in a non-chrooted nhttpd server allowing for remote code execution.

    Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://www.nazgul.ch/dev/nostromo_cl.txt ; https://nvd.nist.gov/vuln/detail/CVE-2019-16278

    Alert Date: Nov 07, 2024 | 300 days ago

    9.1

    CRITICAL
    CVE-2024-8956 - PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability -

    Action Due Nov 25, 2024 Target Vendor : PTZOptics

    Description : PTZOptics PT30X-SDI/NDI cameras contain an insecure direct object reference (IDOR) vulnerability that allows a remote, attacker to bypass authentication for the /cgi-bin/param.cgi CGI script. If combined with CVE-2024-8957, this can lead to remote code execution as root.

    Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://ptzoptics.com/firmware-changelog/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-8956

    Alert Date: Nov 04, 2024 | 303 days ago

    9.8

    CRITICAL
    CVE-2024-8957 - PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability -

    Action Due Nov 25, 2024 Target Vendor : PTZOptics

    Description : PTZOptics PT30X-SDI/NDI cameras contain an OS command injection vulnerability that allows a remote, authenticated attacker to escalate privileges to root via a crafted payload with the ntp_addr parameter of the /cgi-bin/param.cgi CGI script.

    Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://ptzoptics.com/firmware-changelog/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-8957

    Alert Date: Nov 04, 2024 | 303 days ago

    6.1

    MEDIUM
    CVE-2024-37383 - RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability -

    Action Due Nov 14, 2024 Target Vendor : Roundcube

    Description : RoundCube Webmail contains a cross-site scripting (XSS) vulnerability in the handling of SVG animate attributes that allows a remote attacker to run malicious JavaScript code.

    Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://github.com/roundcube/roundcubemail/releases/tag/1.5.7, https://github.com/roundcube/roundcubemail/releases/tag/1.6.7 ; https://nvd.nist.gov/vuln/detail/CVE-2024-37383

    Alert Date: Oct 24, 2024 | 314 days ago

    5.8

    MEDIUM
    CVE-2024-20481 - Cisco ASA and FTD Denial-of-Service Vulnerability -

    Action Due Nov 14, 2024 Target Vendor : Cisco

    Description : Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain a missing release of resource after effective lifetime vulnerability that could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) of the RAVPN service.

    Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-bf-dos-vDZhLqrW ; https://nvd.nist.gov/vuln/detail/CVE-2024-20481

    Alert Date: Oct 24, 2024 | 314 days ago

    9.8

    CRITICAL
    CVE-2024-47575 - Fortinet FortiManager Missing Authentication Vulnerability -

    Action Due Nov 13, 2024 Target Vendor : Fortinet

    Description : Fortinet FortiManager contains a missing authentication vulnerability in the fgfmd daemon that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.

    Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://fortiguard.fortinet.com/psirt/FG-IR-24-423 ; https://nvd.nist.gov/vuln/detail/CVE-2024-47575

    Alert Date: Oct 23, 2024 | 315 days ago

    7.2

    HIGH
    CVE-2024-38094 - Microsoft SharePoint Deserialization Vulnerability -

    Action Due Nov 12, 2024 Target Vendor : Microsoft

    Description : Microsoft SharePoint contains a deserialization vulnerability that allows for remote code execution.

    Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38094 ; https://nvd.nist.gov/vuln/detail/CVE-2024-38094

    Alert Date: Oct 22, 2024 | 316 days ago

    9.8

    CRITICAL
    CVE-2024-9537 - ScienceLogic SL1 Unspecified Vulnerability -

    Action Due Nov 11, 2024 Target Vendor : ScienceLogic

    Description : ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component.

    Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://support.sciencelogic.com/s/article/15527 ; https://nvd.nist.gov/vuln/detail/CVE-2024-9537

    Alert Date: Oct 21, 2024 | 317 days ago

    9.8

    CRITICAL
    CVE-2024-40711 - Veeam Backup and Replication Deserialization Vulnerability -

    Action Due Nov 07, 2024 Target Vendor : Veeam

    Description : Veeam Backup and Replication contains a deserialization vulnerability allowing an unauthenticated user to perform remote code execution.

    Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://www.veeam.com/kb4649 ; https://nvd.nist.gov/vuln/detail/CVE-2024-40711

    Alert Date: Oct 17, 2024 | 321 days ago

    9.1

    CRITICAL
    CVE-2024-28987 - SolarWinds Web Help Desk Hardcoded Credential Vulnerability -

    Action Due Nov 05, 2024 Target Vendor : SolarWinds

    Description : SolarWinds Web Help Desk contains a hardcoded credential vulnerability that could allow a remote, unauthenticated user to access internal functionality and modify data.

    Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28987 ; https://nvd.nist.gov/vuln/detail/CVE-2024-28987

    Alert Date: Oct 15, 2024 | 323 days ago

    9.8

    CRITICAL
    CVE-2024-9680 - Mozilla Firefox Use-After-Free Vulnerability -

    Action Due Nov 05, 2024 Target Vendor : Mozilla

    Description : Mozilla Firefox and Firefox ESR contain a use-after-free vulnerability in Animation timelines that allows for code execution in the content process.

    Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-9680

    Alert Date: Oct 15, 2024 | 323 days ago

    7.0

    HIGH
    CVE-2024-30088 - Microsoft Windows Kernel TOCTOU Race Condition Vulnerability -

    Action Due Nov 05, 2024 Target Vendor : Microsoft

    Description : Microsoft Windows Kernel contains a time-of-check to time-of-use (TOCTOU) race condition vulnerability that could allow for privilege escalation.

    Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-30088 ; https://nvd.nist.gov/vuln/detail/CVE-2024-30088

    Alert Date: Oct 15, 2024 | 323 days ago

    7.2

    HIGH
    CVE-2024-9379 - Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability -

    Action Due Oct 30, 2024 Target Vendor : Ivanti

    Description : Ivanti Cloud Services Appliance (CSA) contains a SQL injection vulnerability in the admin web console in versions prior to 5.0.2, which can allow a remote attacker authenticated as administrator to run arbitrary SQL statements.

    Action : As Ivanti CSA 4.6.x has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line, or later, of supported solution.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-2024-9381 ; https://nvd.nist.gov/vuln/detail/CVE-2024-9379

    Alert Date: Oct 09, 2024 | 329 days ago

    9.8

    CRITICAL
    CVE-2024-23113 - Fortinet Multiple Products Format String Vulnerability -

    Action Due Oct 30, 2024 Target Vendor : Fortinet

    Description : Fortinet FortiOS, FortiPAM, FortiProxy, and FortiWeb contain a format string vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.

    Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://www.fortiguard.com/psirt/FG-IR-24-029 ; https://nvd.nist.gov/vuln/detail/CVE-2024-23113

    Alert Date: Oct 09, 2024 | 329 days ago

    7.2

    HIGH
    CVE-2024-9380 - Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability -

    Action Due Oct 30, 2024 Target Vendor : Ivanti

    Description : Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.

    Action : As Ivanti CSA 4.6.x has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line, or later, of supported solution.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-2024-9381 ; https://nvd.nist.gov/vuln/detail/CVE-2024-9380

    Alert Date: Oct 09, 2024 | 329 days ago
Showing 20 of 1411 Results

Filters