CISA Known Exploited Vulnerabilities (KEV)

CVE-2023-29300 - Adobe ColdFusion Deserialization of Untrusted Data Vulnerability -

Action Due Jan 29, 2024 Target Vendor : Adobe

Description : Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.

Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html; https://nvd.nist.gov/vuln/detail/CVE-2023-29300

CVE-2023-7101 - Spreadsheet::ParseExcel Remote Code Execution Vulnerability -

Action Due Jan 23, 2024 Target Vendor : Spreadsheet::ParseExcel

Description : Spreadsheet::ParseExcel contains a remote code execution vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, the issue stems from the evaluation of Number format strings within the Excel parsing logic.

Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://metacpan.org/dist/Spreadsheet-ParseExcel and Barracuda's specific implementation and fix for their downstream issue CVE-2023-7102 at https://www.barracuda.com/company/legal/esg-vulnerability; https://nvd.nist.gov/vuln/detail/CVE-2023-7101

CVE-2023-7024 - Google Chromium WebRTC Heap Buffer Overflow Vulnerability -

Action Due Jan 23, 2024 Target Vendor : Google

Description : Google Chromium WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using WebRTC, including but not limited to Google Chrome.

Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html; https://nvd.nist.gov/vuln/detail/CVE-2023-7024

CVE-2023-49897 - FXC AE1021, AE1021PE OS Command Injection Vulnerability -

Action Due Jan 11, 2024 Target Vendor : FXC

Description : FXC AE1021 and AE1021PE contain an OS command injection vulnerability that allows authenticated users to execute commands via a network.

Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://www.fxc.jp/news/20231206 ; https://nvd.nist.gov/vuln/detail/CVE-2023-49897

CVE-2023-47565 - QNAP VioStor NVR OS Command Injection Vulnerability -

Action Due Jan 11, 2024 Target Vendor : QNAP

Description : QNAP VioStar NVR contains an OS command injection vulnerability that allows authenticated users to execute commands via a network.

Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://www.qnap.com/en/security-advisory/qsa-23-48 ; https://nvd.nist.gov/vuln/detail/CVE-2023-47565

CVE-2023-6448 - Unitronics Vision PLC and HMI Insecure Default Password Vulnerability -

Action Due Dec 18, 2023 Target Vendor : Unitronics

Description : Unitronics Vision Series PLCs and HMIs ship with an insecure default password, which if left unchanged, can allow attackers to execute remote commands.

Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : Note that while it is possible to change the default password, implementors are encouraged to remove affected controllers from public networks and update the affected firmware: https://downloads.unitronicsplc.com/Sites/plc/Technical_Library/Unitronics-Cybersecurity-Advisory-2023-001-CVE-2023-6448.pdf; https://nvd.nist.gov/vuln/detail/CVE-2023-6448

CVE-2023-41266 - Qlik Sense Path Traversal Vulnerability -

Action Due Dec 28, 2023 Target Vendor : Qlik

Description : Qlik Sense contains a path traversal vulnerability that allows a remote, unauthenticated attacker to create an anonymous session by sending maliciously crafted HTTP requests. This anonymous session could allow the attacker to send further requests to unauthorized endpoints.

Action : Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/ta-p/2110801 ; https://nvd.nist.gov/vuln/detail/CVE-2023-41266

CVE-2023-41265 - Qlik Sense HTTP Tunneling Vulnerability -

Action Due Dec 28, 2023 Target Vendor : Qlik

Description : Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software.

Action : Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/ta-p/2110801; https://nvd.nist.gov/vuln/detail/CVE-2023-41265

CVE-2023-33106 - Qualcomm Multiple Chipsets Use of Out-of-Range Pointer Offset Vulnerability -

Action Due Dec 26, 2023 Target Vendor : Qualcomm

Description : Multiple Qualcomm chipsets contain a use of out-of-range pointer offset vulnerability due to memory corruption in Graphics while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.

Action : Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://git.codelinaro.org/clo/la/kernel/msm-4.19/-/commit/1e46e81dbeb69aafd5842ce779f07e617680fd58; https://nvd.nist.gov/vuln/detail/CVE-2023-33106

CVE-2023-33063 - Qualcomm Multiple Chipsets Use-After-Free Vulnerability -

Action Due Dec 26, 2023 Target Vendor : Qualcomm

Description : Multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP Services during a remote call from HLOS to DSP.

Action : Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://git.codelinaro.org/clo/la/kernel/msm-5.15/-/commit/2643808ddbedfaabbb334741873fb2857f78188a, https://git.codelinaro.org/clo/la/kernel/msm-4.14/-/commit/d43222efda5a01c9804d74a541e3c1be9b7fe110; https://nvd.nist.gov/vuln/detail/CVE-2023-33063

CVE-2022-22071 - Qualcomm Multiple Chipsets Use-After-Free Vulnerability -

Action Due Dec 26, 2023 Target Vendor : Qualcomm

Description : Multiple Qualcomm chipsets contain a use-after-free vulnerability when process shell memory is freed using IOCTL munmap call and process initialization is in progress.

Action : Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://git.codelinaro.org/clo/la/kernel/msm-5.4/-/commit/586840fde350d7b8563df9889c8ce397e2c20dda; https://nvd.nist.gov/vuln/detail/CVE-2022-22071

CVE-2023-33107 - Qualcomm Multiple Chipsets Integer Overflow Vulnerability -

Action Due Dec 26, 2023 Target Vendor : Qualcomm

Description : Multiple Qualcomm chipsets contain an integer overflow vulnerability due to memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call.

Action : Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://git.codelinaro.org/clo/la/kernel/msm-4.19/-/commit/d66b799c804083ea5226cfffac6d6c4e7ad4968b; https://nvd.nist.gov/vuln/detail/CVE-2023-33107

CVE-2023-42917 - Apple Multiple Products WebKit Memory Corruption Vulnerability -

Action Due Dec 25, 2023 Target Vendor : Apple

Description : Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Action : Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://support.apple.com/en-us/HT214031, https://support.apple.com/en-us/HT214032, https://support.apple.com/en-us/HT214033 ; https://nvd.nist.gov/vuln/detail/CVE-2023-42917

CVE-2023-42916 - Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability -

Action Due Dec 25, 2023 Target Vendor : Apple

Description : Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Action : Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://support.apple.com/en-us/HT214031, https://support.apple.com/en-us/HT214032, https://support.apple.com/en-us/HT214033 ; https://nvd.nist.gov/vuln/detail/CVE-2023-42916

CVE-2023-49103 - ownCloud graphapi Information Disclosure Vulnerability -

Action Due Dec 21, 2023 Target Vendor : ownCloud

Description : ownCloud graphapi contains an information disclosure vulnerability that can reveal sensitive data stored in phpinfo() via GetPhpInfo.php, including administrative credentials.

Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://owncloud.com/security-advisories/disclosure-of-sensitive-credentials-and-configuration-in-containerized-deployments/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-49103

CVE-2023-6345 - Google Skia Integer Overflow Vulnerability -

Action Due Dec 21, 2023 Target Vendor : Google

Description : Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a malicious file. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.

Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html ; https://nvd.nist.gov/vuln/detail/CVE-2023-6345

CVE-2023-4911 - GNU C Library Buffer Overflow Vulnerability -

Action Due Dec 12, 2023 Target Vendor : GNU

Description : GNU C Library's dynamic loader ld.so contains a buffer overflow vulnerability when processing the GLIBC_TUNABLES environment variable, allowing a local attacker to execute code with elevated privileges.

Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa, https://access.redhat.com/security/cve/cve-2023-4911, https://www.debian.org/security/2023/dsa-5514 ; https://nvd.nist.gov/vuln/detail/CVE-2023-4911

CVE-2023-36584 - Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability -

Action Due Dec 07, 2023 Target Vendor : Microsoft

Description : Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.

Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36584 ; https://nvd.nist.gov/vuln/detail/CVE-2023-36584

CVE-2023-1671 - Sophos Web Appliance Command Injection Vulnerability -

Action Due Dec 07, 2023 Target Vendor : Sophos

Description : Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution.

Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce; https://nvd.nist.gov/vuln/detail/CVE-2023-1671

CVE-2020-2551 - Oracle Fusion Middleware Unspecified Vulnerability -

Action Due Dec 07, 2023 Target Vendor : Oracle

Description : Oracle Fusion Middleware contains an unspecified vulnerability in the WLS Core Components that allows an unauthenticated attacker with network access via IIOP to compromise the WebLogic Server.

Action : Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://www.oracle.com/security-alerts/cpujan2020.html; https://nvd.nist.gov/vuln/detail/CVE-2020-2551