CISA Known Exploited Vulnerabilities (KEV)
7.8
CVE-2019-0543 - Microsoft Windows Privilege Escalation Vulnerability -
Action Due Apr 05, 2022 Target Vendor : Microsoft
Description : A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-0543
7.2
CVE-2018-8120 - Microsoft Win32k Privilege Escalation Vulnerability -
Action Due Apr 05, 2022 Target Vendor : Microsoft
Description : A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-8120
7.8
CVE-2017-0101 - Microsoft Windows Transaction Manager Privilege Escalation Vulnerability -
Action Due Apr 05, 2022 Target Vendor : Microsoft
Description : A privilege escalation vulnerability exists when the Windows Transaction Manager improperly handles objects in memory.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-0101
7.8
CVE-2016-3309 - Microsoft Windows Kernel Privilege Escalation Vulnerability -
Action Due Apr 05, 2022 Target Vendor : Microsoft
Description : A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-3309
8.2
CVE-2015-2546 - Microsoft Win32k Memory Corruption Vulnerability -
Action Due Apr 05, 2022 Target Vendor : Microsoft
Description : The kernel-mode driver in Microsoft Windows OS and Server allows local users to gain privileges via a crafted application.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-2546
9.8
CVE-2020-5135 - SonicWall SonicOS Buffer Overflow Vulnerability -
Action Due Apr 05, 2022 Target Vendor : SonicWall
Description : A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-5135
7.8
CVE-2019-1129 - Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability -
Action Due Apr 05, 2022 Target Vendor : Microsoft
Description : A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-1129
9.6
CVE-2022-26486 - Mozilla Firefox Use-After-Free Vulnerability -
Action Due Mar 21, 2022 Target Vendor : Mozilla
Description : Mozilla Firefox contains a use-after-free vulnerability in WebGPU IPC Framework which can be exploited to perform arbitrary code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-26486
8.8
CVE-2022-26485 - Mozilla Firefox Use-After-Free Vulnerability -
Action Due Mar 21, 2022 Target Vendor : Mozilla
Description : Mozilla Firefox contains a use-after-free vulnerability in XSLT parameter processing which can be exploited to perform arbitrary code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-26485
5.3
CVE-2021-21973 - VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability -
Action Due Mar 21, 2022 Target Vendor : VMware
Description : VMware vCenter Server and Cloud Foundation Server contain an SSRF vulnerability due to improper validation of URLs in a vCenter Server plugin. This allows for information disclosure.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-21973
7.2
CVE-2020-8218 - Pulse Connect Secure Code Injection Vulnerability -
Action Due Sep 07, 2022 Target Vendor : Pulse Secure
Description : A code injection vulnerability exists in Pulse Connect Secure that allows an attacker to craft a URI to perform arbitrary code execution via the admin web interface.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-8218
9.8
CVE-2019-11581 - Atlassian Jira Server and Data Center Server-Side Template Injection Vulnerability -
Action Due Sep 07, 2022 Target Vendor : Atlassian
Description : Atlassian Jira Server and Data Center contain a server-side template injection vulnerability which can allow for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-11581
10.0
CVE-2017-6077 - NETGEAR DGN2200 Remote Code Execution Vulnerability -
Action Due Sep 07, 2022 Target Vendor : NETGEAR
Description : NETGEAR DGN2200 wireless routers contain a vulnerability that allows for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-6077
9.3
CVE-2016-6277 - NETGEAR Multiple Routers Remote Code Execution Vulnerability -
Action Due Sep 07, 2022 Target Vendor : NETGEAR
Description : NETGEAR confirmed multiple routers allow unauthenticated web pages to pass form input directly to the command-line interface, permitting remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-6277
7.5
CVE-2013-0631 - Adobe ColdFusion Information Disclosure Vulnerability -
Action Due Sep 07, 2022 Target Vendor : Adobe
Description : Adobe ColdFusion contains an unspecified vulnerability, which could result in information disclosure from a compromised server.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-0631
7.5
CVE-2013-0629 - Adobe ColdFusion Directory Traversal Vulnerability -
Action Due Sep 07, 2022 Target Vendor : Adobe
Description : Adobe ColdFusion contains a directory traversal vulnerability, which could permit an unauthorized user access to restricted directories.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-0629
6.5
CVE-2009-3960 - Adobe BlazeDS Information Disclosure Vulnerability -
Action Due Sep 07, 2022 Target Vendor : Adobe
Description : Adobe BlazeDS, which is utilized in LifeCycle and ColdFusion, contains a vulnerability that allows for information disclosure.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2009-3960
9.8
CVE-2013-0625 - Adobe ColdFusion Authentication Bypass Vulnerability -
Action Due Sep 07, 2022 Target Vendor : Adobe
Description : Adobe ColdFusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-0625
7.2
CVE-2016-5195 - Linux Kernel Race Condition Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Linux
Description : Race condition in mm/gup.c in the Linux kernel allows local users to escalate privileges.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-5195
10.0
CVE-2022-20701 - Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability -
Action Due Mar 17, 2022 Target Vendor : Cisco
Description : A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-20701