CISA Known Exploited Vulnerabilities (KEV)

CVE-2017-1000486 - Primetek Primefaces Remote Code Execution Vulnerability -

Action Due Jul 10, 2022 Target Vendor : Primetek

Description : Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-1000486

CVE-2019-7609 - Kibana Arbitrary Code Execution -

Action Due Jul 10, 2022 Target Vendor : Elastic

Description : Kibana contain an arbitrary code execution flaw in the Timelion visualizer.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-7609

CVE-2021-27860 - FatPipe WARP, IPVPN, and MPVPN Configuration Upload exploit -

Action Due Jan 24, 2022 Target Vendor : FatPipe

Description : A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software allows a remote, unauthenticated attacker to upload a file to any location on the filesystem.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-27860

CVE-2019-9670 - Synacor Zimbra Collaboration (ZCS) Improper Restriction of XML External Entity Reference -

Action Due Jul 10, 2022 Target Vendor : Synacor

Description : Improper Restriction of XML External Entity Reference vulnerability affecting Synacor Zimbra Collaboration (ZCS).

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-9670

CVE-2015-7450 - IBM WebSphere Application Server and Server Hypervisor Edition Code Injection. -

Action Due Jul 10, 2022 Target Vendor : IBM

Description : Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-7450

CVE-2021-43890 - Microsoft Windows AppX Installer Spoofing Vulnerability -

Action Due Dec 29, 2021 Target Vendor : Microsoft

Description : Microsoft Windows AppX Installer contains a spoofing vulnerability which has a high impacts to confidentiality, integrity, and availability.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-43890

CVE-2021-4102 - Google Chromium V8 Use-After-Free Vulnerability -

Action Due Dec 29, 2021 Target Vendor : Google

Description : Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-4102

CVE-2021-44515 - Zoho Desktop Central Authentication Bypass Vulnerability -

Action Due Dec 24, 2021 Target Vendor : Zoho

Description : Zoho Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-44515

CVE-2019-13272 - Linux Kernel Improper Privilege Management Vulnerability -

Action Due Jun 10, 2022 Target Vendor : Linux

Description : Kernel/ptrace.c in Linux kernel mishandles contains an improper privilege management vulnerability that allows local users to obtain root access.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-13272

CVE-2021-35394 - Realtek Jungle SDK Remote Code Execution Vulnerability -

Action Due Dec 24, 2021 Target Vendor : Realtek

Description : RealTek Jungle SDK contains multiple memory corruption vulnerabilities which can allow an attacker to perform remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-35394

CVE-2019-0193 - Apache Solr DataImportHandler Code Injection Vulnerability -

Action Due Jun 10, 2022 Target Vendor : Apache

Description : The optional Apache Solr module DataImportHandler contains a code injection vulnerability.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-0193

CVE-2021-44168 - Fortinet FortiOS Arbitrary File Download -

Action Due Dec 24, 2021 Target Vendor : Fortinet

Description : Fortinet FortiOS "execute restore src-vis" downloads code without integrity checking, allowing an attacker to arbitrarily download files.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-44168

CVE-2017-17562 - Embedthis GoAhead Remote Code Execution Vulnerability -

Action Due Jun 10, 2022 Target Vendor : Embedthis

Description : Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-17562

CVE-2017-12149 - Red Hat JBoss Application Server Remote Code Execution Vulnerability -

Action Due Jun 10, 2022 Target Vendor : Red Hat

Description : The JBoss Application Server, shipped with Red Hat Enterprise Application Platform 5.2, allows an attacker to execute arbitrary code via crafted serialized data.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-12149

CVE-2010-1871 - Red Hat Linux JBoss Seam 2 Remote Code Execution Vulnerability -

Action Due Jun 10, 2022 Target Vendor : Red Hat

Description : JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, allows attackers to perform remote code execution. This vulnerability can only be exploited when the Java Security Manager is not properly configured.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2010-1871

CVE-2020-17463 - Fuel CMS SQL Injection Vulnerability -

Action Due Jun 10, 2022 Target Vendor : Fuel CMS

Description : FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-17463

CVE-2020-8816 - Pi-Hole AdminLTE Remote Code Execution Vulnerability -

Action Due Jun 10, 2022 Target Vendor : Pi-hole

Description : Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-8816

CVE-2019-10758 - MongoDB mongo-express Remote Code Execution Vulnerability -

Action Due Jun 10, 2022 Target Vendor : MongoDB

Description : mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-10758

CVE-2019-7238 - Sonatype Nexus Repository Manager Incorrect Access Control Vulnerability -

Action Due Jun 10, 2022 Target Vendor : Sonatype

Description : Sonatype Nexus Repository Manager before 3.15.0 has an incorrect access control vulnerability. Exploitation allows for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-7238

CVE-2021-44228 - Apache Log4j2 Remote Code Execution Vulnerability -

Action Due Dec 24, 2021 Target Vendor : Apache

Description : Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.

Action : For all affected software assets for which updates exist, the only acceptable remediation actions are: 1) Apply updates; OR 2) remove affected assets from agency networks. Temporary mitigations using one of the measures provided at https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures are only acceptable until updates are available.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-44228