CISA Known Exploited Vulnerabilities Catalog
9.8
CVE-2022-22963 - VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability -
Action Due Sep 15, 2022 Target Vendor : VMware Tanzu
Description : When using routing functionality in VMware Tanzu's Spring Cloud Function, it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://tanzu.vmware.com/security/cve-2022-22963; https://nvd.nist.gov/vuln/detail/CVE-2022-22963
7.5
CVE-2020-36193 - PEAR Archive_Tar Improper Link Resolution Vulnerability -
Action Due Sep 15, 2022 Target Vendor : PEAR
Description : PEAR Archive_Tar Tar.php allows write operations with directory traversal due to inadequate checking of symbolic links. PEAR stands for PHP Extension and Application Repository and it is an open-source framework and distribution system for reusable PHP components with known usage in third-party products such as Drupal Core and Red Hat Linux.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916, https://www.drupal.org/sa-core-2021-001, https://access.redhat.com/security/cve/cve-2020-36193; https://nvd.nist.gov/vuln/detail/CVE-2020-36193
8.6
CVE-2022-0028 - Palo Alto Networks PAN-OS Reflected Amplification Denial-of-Service Vulnerability -
Action Due Sep 12, 2022 Target Vendor : Palo Alto Networks
Description : A Palo Alto Networks PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://security.paloaltonetworks.com/CVE-2022-0028; https://nvd.nist.gov/vuln/detail/CVE-2022-0028
7.8
CVE-2022-32894 - Apple iOS and macOS Out-of-Bounds Write Vulnerability -
Action Due Sep 08, 2022 Target Vendor : Apple
Description : Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow an application to execute code with kernel privileges.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://support.apple.com/en-gb/HT213412, https://support.apple.com/en-gb/HT213413; https://nvd.nist.gov/vuln/detail/CVE-2022-32894
8.8
CVE-2022-32893 - Apple iOS and macOS Out-of-Bounds Write Vulnerability -
Action Due Sep 08, 2022 Target Vendor : Apple
Description : Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow for remote code execution when processing malicious crafted web content.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://support.apple.com/en-gb/HT213412, https://support.apple.com/en-gb/HT213413; https://nvd.nist.gov/vuln/detail/CVE-2022-32893
6.5
CVE-2022-2856 - Google Chromium Intents Insufficient Input Validation Vulnerability -
Action Due Sep 08, 2022 Target Vendor : Google
Description : Google Chromium Intents contains an insufficient validation of untrusted input vulnerability that allows a remote attacker to browse to a malicious website via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html; https://nvd.nist.gov/vuln/detail/CVE-2022-2856
8.8
CVE-2022-26923 - Microsoft Active Directory Domain Services Privilege Escalation Vulnerability -
Action Due Sep 08, 2022 Target Vendor : Microsoft
Description : An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow for privilege escalation to SYSTEM.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26923; https://nvd.nist.gov/vuln/detail/CVE-2022-26923
7.8
CVE-2022-21971 - Microsoft Windows Runtime Remote Code Execution Vulnerability -
Action Due Sep 08, 2022 Target Vendor : Microsoft
Description : Microsoft Windows Runtime contains an unspecified vulnerability that allows for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21971; https://nvd.nist.gov/vuln/detail/CVE-2022-21971
9.8
CVE-2017-15944 - Palo Alto Networks PAN-OS Remote Code Execution Vulnerability -
Action Due Sep 08, 2022 Target Vendor : Palo Alto Networks
Description : Palo Alto Networks PAN-OS contains multiple, unspecified vulnerabilities which can allow for remote code execution when chained.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://security.paloaltonetworks.com/CVE-2017-15944; https://nvd.nist.gov/vuln/detail/CVE-2017-15944
10.0
CVE-2022-22536 - SAP Multiple Products HTTP Request Smuggling Vulnerability -
Action Due Sep 08, 2022 Target Vendor : SAP
Description : SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server and SAP Web Dispatcher allow HTTP request smuggling. An unauthenticated attacker can prepend a victim's request with arbitrary data, allowing for function execution impersonating the victim or poisoning intermediary Web caches.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : SAP users must have an account in order to login and access the patch. https://accounts.sap.com/saml2/idp/sso; https://nvd.nist.gov/vuln/detail/CVE-2022-22536
7.2
CVE-2022-27925 - Zimbra Collaboration (ZCS) Arbitrary File Upload Vulnerability -
Action Due Sep 01, 2022 Target Vendor : Zimbra
Description : Zimbra Collaboration (ZCS) contains flaw in the mboximport functionality, allowing an authenticated attacker to upload arbitrary files to perform remote code execution. This vulnerability was chained with CVE-2022-37042 which allows for unauthenticated remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://blog.zimbra.com/2022/08/authentication-bypass-in-mailboximportservlet-vulnerability/; https://nvd.nist.gov/vuln/detail/CVE-2022-27925
9.8
CVE-2022-37042 - Zimbra Collaboration (ZCS) Authentication Bypass Vulnerability -
Action Due Sep 01, 2022 Target Vendor : Zimbra
Description : Zimbra Collaboration (ZCS) contains an authentication bypass vulnerability in MailboxImportServlet. This vulnerability was chained with CVE-2022-27925 which allows for unauthenticated remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://blog.zimbra.com/2022/08/authentication-bypass-in-mailboximportservlet-vulnerability/; https://nvd.nist.gov/vuln/detail/CVE-2022-37042
7.8
CVE-2022-34713 - Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability -
Action Due Aug 30, 2022 Target Vendor : Microsoft
Description : A remote code execution vulnerability exists when Microsoft Windows MSDT is called using the URL protocol from a calling application.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34713; https://nvd.nist.gov/vuln/detail/CVE-2022-34713
7.5
CVE-2022-30333 - RARLAB UnRAR Directory Traversal Vulnerability -
Action Due Aug 30, 2022 Target Vendor : RARLAB
Description : RARLAB UnRAR on Linux and UNIX contains a directory traversal vulnerability, allowing an attacker to write to files during an extract (unpack) operation.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : Vulnerability updated with version 6.12. Accessing link will download update information: https://www.rarlab.com/rar/rarlinux-x32-612.tar.gz; https://nvd.nist.gov/vuln/detail/CVE-2022-30333
7.5
CVE-2022-27924 - Zimbra Collaboration (ZCS) Command Injection Vulnerability -
Action Due Aug 25, 2022 Target Vendor : Zimbra
Description : Zimbra Collaboration (ZCS) allows an attacker to inject memcache commands into a targeted instance which causes an overwrite of arbitrary cached entries.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24.1#Security_Fixes; https://nvd.nist.gov/vuln/detail/CVE-2022-27924
9.8
CVE-2022-26138 - Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability -
Action Due Aug 19, 2022 Target Vendor : Atlassian
Description : Atlassian Questions For Confluence App has hard-coded credentials, exposing the username and password in plaintext. A remote unauthenticated attacker can use these credentials to log into Confluence and access all content accessible to users in the confluence-users group.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://confluence.atlassian.com/doc/questions-for-confluence-security-advisory-2022-07-20-1142446709.html; https://nvd.nist.gov/vuln/detail/CVE-2022-26138
7.8
CVE-2022-22047 - Microsoft Windows Client Server Runtime Subsystem (CSRSS) Privilege Escalation Vulnerability -
Action Due Aug 02, 2022 Target Vendor : Microsoft
Description : Microsoft Windows CSRSS contains an unspecified vulnerability that allows for privilege escalation to SYSTEM privileges.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047; https://nvd.nist.gov/vuln/detail/CVE-2022-22047
8.1
CVE-2022-26925 - Microsoft Windows LSA Spoofing Vulnerability -
Action Due Jul 22, 2022 Target Vendor : Microsoft
Description : Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability where an attacker can coerce the domain controller to authenticate to the attacker using NTLM.
Action : Apply remediation actions outlined in CISA guidance [https://www.cisa.gov/guidance-applying-june-microsoft-patch].
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : WARNING: This update is required on all Microsoft Windows endpoints but if deployed to domain controllers without additional configuration changes the update breaks PIV/CAC authentication. Read CISA implementation guidance carefully before deploying to domain controllers.; https://nvd.nist.gov/vuln/detail/CVE-2022-26925
7.8
CVE-2021-4034 - Red Hat Polkit Out-of-Bounds Read and Write Vulnerability -
Action Due Jul 18, 2022 Target Vendor : Red Hat
Description : The Red Hat polkit pkexec utility contains an out-of-bounds read and write vulnerability that allows for privilege escalation with administrative rights.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-4034
7.8
CVE-2021-30983 - Apple iOS and iPadOS Buffer Overflow Vulnerability -
Action Due Jul 18, 2022 Target Vendor : Apple
Description : Apple iOS and iPadOS contain a buffer overflow vulnerability that could allow an application to execute code with kernel privileges.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-30983