CISA Known Exploited Vulnerabilities (KEV)

CVE-2013-3163 - Microsoft Internet Explorer Memory Corruption Vulnerability -

Action Due Apr 20, 2023 Target Vendor : Microsoft

Description : Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial of service via a crafted website.

Action : The impacted product is end-of-life and should be disconnected if still in use.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://learn.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055; https://nvd.nist.gov/vuln/detail/CVE-2013-3163

CVE-2022-3038 - Google Chromium Network Service Use-After-Free Vulnerability -

Action Due Apr 20, 2023 Target Vendor : Google

Description : Google Chromium Network Service contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html; https://nvd.nist.gov/vuln/detail/CVE-2022-3038

CVE-2023-26360 - Adobe ColdFusion Deserialization of Untrusted Data Vulnerability -

Action Due Apr 05, 2023 Target Vendor : Adobe

Description : Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html; https://nvd.nist.gov/vuln/detail/CVE-2023-26360

CVE-2023-23397 - Microsoft Office Outlook Privilege Escalation Vulnerability -

Action Due Apr 04, 2023 Target Vendor : Microsoft

Description : Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23397, https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/, ; https://nvd.nist.gov/vuln/detail/CVE-2023-23397

CVE-2023-24880 - Microsoft Windows SmartScreen Security Feature Bypass Vulnerability -

Action Due Apr 04, 2023 Target Vendor : Microsoft

Description : Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-24880; https://nvd.nist.gov/vuln/detail/CVE-2023-24880

CVE-2022-41328 - Fortinet FortiOS Path Traversal Vulnerability -

Action Due Apr 04, 2023 Target Vendor : Fortinet

Description : Fortinet FortiOS contains a path traversal vulnerability that may allow a local privileged attacker to read and write files via crafted CLI commands.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://www.fortiguard.com/psirt/FG-IR-22-369; https://nvd.nist.gov/vuln/detail/CVE-2022-41328

CVE-2020-5741 - Plex Media Server Remote Code Execution Vulnerability -

Action Due Mar 31, 2023 Target Vendor : Plex

Description : Plex Media Server contains a remote code execution vulnerability that allows an attacker with access to the server administrator's Plex account to upload a malicious file via the Camera Upload feature and have the media server execute it.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://forums.plex.tv/t/security-regarding-cve-2020-5741/586819; https://nvd.nist.gov/vuln/detail/CVE-2020-5741

CVE-2021-39144 - XStream Remote Code Execution Vulnerability -

Action Due Mar 31, 2023 Target Vendor : XStream

Description : XStream contains a remote code execution vulnerability that allows an attacker to manipulate the processed input stream and replace or inject objects that result in the execution of a local command on the server. This vulnerability can affect multiple products, including but not limited to VMware Cloud Foundation.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://www.vmware.com/security/advisories/VMSA-2022-0027.html, https://x-stream.github.io/CVE-2021-39144.html; https://nvd.nist.gov/vuln/detail/CVE-2021-39144

CVE-2022-28810 - Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability -

Action Due Mar 28, 2023 Target Vendor : Zoho

Description : Zoho ManageEngine ADSelfService Plus contains an unspecified vulnerability allowing for remote code execution when performing a password change or reset.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-28810.html; https://nvd.nist.gov/vuln/detail/CVE-2022-28810

CVE-2022-33891 - Apache Spark Command Injection Vulnerability -

Action Due Mar 28, 2023 Target Vendor : Apache

Description : Apache Spark contains a command injection vulnerability via Spark User Interface (UI) when Access Control Lists (ACLs) are enabled.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://lists.apache.org/thread/p847l3kopoo5bjtmxrcwk21xp6tjxqlc; https://nvd.nist.gov/vuln/detail/CVE-2022-33891

CVE-2022-35914 - Teclib GLPI Remote Code Execution Vulnerability -

Action Due Mar 28, 2023 Target Vendor : Teclib

Description : Teclib GLPI contains a remote code execution vulnerability in the third-party library, htmlawed.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://glpi-project.org/fr/glpi-10-0-3-disponible/, http://www.bioinformatics.org/phplabware/sourceer/sourceer.php?&Sfs=htmLawedTest.php&Sl=.%2Finternal_utilities%2FhtmLawed.; https://nvd.nist.gov/vuln/detail/CVE-2022-35914

CVE-2022-36537 - ZK Framework AuUploader Unspecified Vulnerability -

Action Due Mar 20, 2023 Target Vendor : ZK Framework

Description : ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the content of a file located in the web context. The ZK Framework is an open-source Java framework. This vulnerability can impact multiple products, including but not limited to ConnectWise R1Soft Server Backup Manager.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://tracker.zkoss.org/browse/ZK-5150; https://nvd.nist.gov/vuln/detail/CVE-2022-36537

CVE-2022-47986 - IBM Aspera Faspex Code Execution Vulnerability -

Action Due Mar 14, 2023 Target Vendor : IBM

Description : IBM Aspera Faspex could allow a remote attacker to execute code on the system, caused by a YAML deserialization flaw.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://exchange.xforce.ibmcloud.com/vulnerabilities/243512?_ga=2.189195179.1800390251.1676559338-700333034.1676325890; https://nvd.nist.gov/vuln/detail/CVE-2022-47986

CVE-2022-41223 - Mitel MiVoice Connect Code Injection Vulnerability -

Action Due Mar 14, 2023 Target Vendor : Mitel

Description : The Director component in Mitel MiVoice Connect allows an authenticated attacker with internal network access to execute code within the context of the application.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0008; https://nvd.nist.gov/vuln/detail/CVE-2022-41223

CVE-2022-40765 - Mitel MiVoice Connect Command Injection Vulnerability -

Action Due Mar 14, 2023 Target Vendor : Mitel

Description : The Mitel Edge Gateway component of MiVoice Connect allows an authenticated attacker with internal network access to execute commands within the context of the system.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0007; https://nvd.nist.gov/vuln/detail/CVE-2022-40765

CVE-2022-46169 - Cacti Command Injection Vulnerability -

Action Due Mar 09, 2023 Target Vendor : Cacti

Description : Cacti contains a command injection vulnerability that allows an unauthenticated user to execute code.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf; https://nvd.nist.gov/vuln/detail/CVE-2022-46169

CVE-2023-23376 - Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability -

Action Due Mar 07, 2023 Target Vendor : Microsoft

Description : Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23376; https://nvd.nist.gov/vuln/detail/CVE-2023-23376

CVE-2023-21823 - Microsoft Windows Graphic Component Privilege Escalation Vulnerability -

Action Due Mar 07, 2023 Target Vendor : Microsoft

Description : Microsoft Windows Graphic Component contains an unspecified vulnerability that allows for privilege escalation.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21823; https://nvd.nist.gov/vuln/detail/CVE-2023-21823

CVE-2023-21715 - Microsoft Office Publisher Security Feature Bypass Vulnerability -

Action Due Mar 07, 2023 Target Vendor : Microsoft

Description : Microsoft Office Publisher contains a security feature bypass vulnerability that allows for a local, authenticated attack on a targeted system.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21715; https://nvd.nist.gov/vuln/detail/CVE-2023-21715

CVE-2023-23529 - Apple Multiple Products WebKit Type Confusion Vulnerability -

Action Due Mar 07, 2023 Target Vendor : Apple

Description : Apple iOS, MacOS, Safari and iPadOS WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://support.apple.com/en-us/HT213635, https://support.apple.com/en-us/HT213633, https://support.apple.com/en-us/HT213638; https://nvd.nist.gov/vuln/detail/CVE-2023-23529