CISA Known Exploited Vulnerabilities (KEV)

CVE-2024-43461 - Microsoft Windows MSHTML Platform Spoofing Vulnerability -

Action Due Oct 07, 2024 Target Vendor : Microsoft

Description : Microsoft Windows MSHTML Platform contains a user interface (UI) misrepresentation of critical information vulnerability that allows an attacker to spoof a web page. This vulnerability was exploited in conjunction with CVE-2024-38112.

Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43461 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43461

CVE-2024-8190 - Ivanti Cloud Services Appliance OS Command Injection Vulnerability -

Action Due Oct 04, 2024 Target Vendor : Ivanti

Description : Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.

Action : As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive future security updates.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190; https://nvd.nist.gov/vuln/detail/CVE-2024-8190

CVE-2024-43491 - Microsoft Windows Update Remote Code Execution Vulnerability -

Action Due Oct 01, 2024 Target Vendor : Microsoft

Description : Microsoft Windows Update contains an unspecified vulnerability that allows for remote code execution.

Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43491; https://nvd.nist.gov/vuln/detail/CVE-2024-43491

CVE-2024-38014 - Microsoft Windows Installer Improper Privilege Management Vulnerability -

Action Due Oct 01, 2024 Target Vendor : Microsoft

Description : Microsoft Windows Installer contains an improper privilege management vulnerability that could allow an attacker to gain SYSTEM privileges.

Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38014; https://nvd.nist.gov/vuln/detail/CVE-2024-38014

CVE-2024-38226 - Microsoft Publisher Protection Mechanism Failure Vulnerability -

Action Due Oct 01, 2024 Target Vendor : Microsoft

Description : Microsoft Publisher contains a protection mechanism failure vulnerability that allows attacker to bypass Office macro policies used to block untrusted or malicious files.

Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38226; https://nvd.nist.gov/vuln/detail/CVE-2024-38226

CVE-2024-38217 - Microsoft Windows Mark of the Web (MOTW) Protection Mechanism Failure Vulnerability -

Action Due Oct 01, 2024 Target Vendor : Microsoft

Description : Microsoft Windows Mark of the Web (MOTW) contains a protection mechanism failure vulnerability that allows an attacker to bypass MOTW-based defenses. This can result in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.

Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38217; https://nvd.nist.gov/vuln/detail/CVE-2024-38217

CVE-2024-40766 - SonicWall SonicOS Improper Access Control Vulnerability -

Action Due Sep 30, 2024 Target Vendor : SonicWall

Description : SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash.

Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015; https://nvd.nist.gov/vuln/detail/CVE-2024-40766

CVE-2017-1000253 - Linux Kernel PIE Stack Buffer Corruption Vulnerability -

Action Due Sep 30, 2024 Target Vendor : Linux

Description : Linux kernel contains a position-independent executable (PIE) stack buffer corruption vulnerability in load_elf_ binary() that allows a local attacker to escalate privileges.

Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Known

Notes : This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a87938b2e246b81b4fb713edb371a9fa3c5c3c86; https://nvd.nist.gov/vuln/detail/CVE-2017-1000253

CVE-2016-3714 - ImageMagick Improper Input Validation Vulnerability -

Action Due Sep 30, 2024 Target Vendor : ImageMagick

Description : ImageMagick contains an improper input validation vulnerability that affects the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders. This allows a remote attacker to execute arbitrary code via shell metacharacters in a crafted image.

Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588#p132726, https://imagemagick.org/archive/releases/; https://nvd.nist.gov/vuln/detail/CVE-2016-3714

CVE-2024-7262 - Kingsoft WPS Office Path Traversal Vulnerability -

Action Due Sep 24, 2024 Target Vendor : Kingsoft

Description : Kingsoft WPS Office contains a path traversal vulnerability in promecefpluginhost.exe on Windows that allows an attacker to load an arbitrary Windows library.

Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : While CISA cannot confirm the effectiveness of patches at this time, it is recommended that mitigations be applied per vendor instructions if available. If these instructions cannot be located or if mitigations are unavailable, discontinue the use of the product.; https://nvd.nist.gov/vuln/detail/CVE-2024-7262

CVE-2021-20124 - Draytek VigorConnect Path Traversal Vulnerability -

Action Due Sep 24, 2024 Target Vendor : DrayTek

Description : Draytek VigorConnect contains a path traversal vulnerability in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.

Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://www.draytek.com/about/security-advisory/vigorconnect-software-security-vulnerability-(cve-2021-20123-cve-2021-20129); https://nvd.nist.gov/vuln/detail/CVE-2021-20124

CVE-2021-20123 - Draytek VigorConnect Path Traversal Vulnerability -

Action Due Sep 24, 2024 Target Vendor : DrayTek

Description : Draytek VigorConnect contains a path traversal vulnerability in the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.

Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://www.draytek.com/about/security-advisory/vigorconnect-software-security-vulnerability-(cve-2021-20123-cve-2021-20129); https://nvd.nist.gov/vuln/detail/CVE-2021-20123

CVE-2024-7965 - Google Chromium V8 Inappropriate Implementation Vulnerability -

Action Due Sep 18, 2024 Target Vendor : Google

Description : Google Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html; https://nvd.nist.gov/vuln/detail/CVE-2024-7965

CVE-2024-38856 - Apache OFBiz Incorrect Authorization Vulnerability -

Action Due Sep 17, 2024 Target Vendor : Apache

Description : Apache OFBiz contains an incorrect authorization vulnerability that could allow remote code execution via a Groovy payload in the context of the OFBiz user process by an unauthenticated attacker.

Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://lists.apache.org/thread/olxxjk6b13sl3wh9cmp0k2dscvp24l7w; https://nvd.nist.gov/vuln/detail/CVE-2024-38856

CVE-2024-7971 - Google Chromium V8 Type Confusion Vulnerability -

Action Due Sep 16, 2024 Target Vendor : Google

Description : Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html; https://nvd.nist.gov/vuln/detail/CVE-2024-7971

CVE-2024-39717 - Versa Director Dangerous File Type Upload Vulnerability -

Action Due Sep 13, 2024 Target Vendor : Versa

Description : The Versa Director GUI contains an unrestricted upload of file with dangerous type vulnerability that allows administrators with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges to customize the user interface. The “Change Favicon” (Favorite Icon) enables the upload of a .png file, which can be exploited to upload a malicious file with a .png extension disguised as an image.

Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://versa-networks.com/blog/versa-security-bulletin-update-on-cve-2024-39717-versa-director-dangerous-file-type-upload-vulnerability/; https://nvd.nist.gov/vuln/detail/CVE-2024-39717

CVE-2021-31196 - Microsoft Exchange Server Information Disclosure Vulnerability -

Action Due Sep 11, 2024 Target Vendor : Microsoft

Description : Microsoft Exchange Server contains an information disclosure vulnerability that allows for remote code execution.

Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2021-31196; https://nvd.nist.gov/vuln/detail/CVE-2021-31196

CVE-2022-0185 - Linux Kernel Heap-Based Buffer Overflow Vulnerability -

Action Due Sep 11, 2024 Target Vendor : Linux

Description : Linux kernel contains a heap-based buffer overflow vulnerability in the legacy_parse_param function in the Filesystem Context functionality. This allows an attacker to open a filesystem that does not support the Filesystem Context API and ultimately escalate privileges.

Action : Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=722d94847de2; https://nvd.nist.gov/vuln/detail/CVE-2022-0185

CVE-2021-33045 - Dahua IP Camera Authentication Bypass Vulnerability -

Action Due Sep 11, 2024 Target Vendor : Dahua

Description : Dahua IP cameras and related products contain an authentication bypass vulnerability when the loopback device is specified by the client during authentication.

Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://www.dahuasecurity.com/aboutUs/trustedCenter/details/582; https://nvd.nist.gov/vuln/detail/CVE-2021-33045

CVE-2021-33044 - Dahua IP Camera Authentication Bypass Vulnerability -

Action Due Sep 11, 2024 Target Vendor : Dahua

Description : Dahua IP cameras and related products contain an authentication bypass vulnerability when the NetKeyboard type argument is specified by the client during authentication.

Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://www.dahuasecurity.com/aboutUs/trustedCenter/details/582; https://nvd.nist.gov/vuln/detail/CVE-2021-33044