CISA Known Exploited Vulnerabilities (KEV)

CVE-2019-10758 - MongoDB mongo-express Remote Code Execution Vulnerability -

Action Due Jun 10, 2022 Target Vendor : MongoDB

Description : mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-10758

CVE-2019-7238 - Sonatype Nexus Repository Manager Incorrect Access Control Vulnerability -

Action Due Jun 10, 2022 Target Vendor : Sonatype

Description : Sonatype Nexus Repository Manager before 3.15.0 has an incorrect access control vulnerability. Exploitation allows for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-7238

CVE-2021-44228 - Apache Log4j2 Remote Code Execution Vulnerability -

Action Due Dec 24, 2021 Target Vendor : Apache

Description : Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.

Action : For all affected software assets for which updates exist, the only acceptable remediation actions are: 1) Apply updates; OR 2) remove affected assets from agency networks. Temporary mitigations using one of the measures provided at https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures are only acceptable until updates are available.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-44228

CVE-2018-14847 - MikroTik Router OS Directory Traversal Vulnerability -

Action Due Jun 01, 2022 Target Vendor : MikroTik

Description : MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-14847

CVE-2021-37415 - Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability -

Action Due Dec 15, 2021 Target Vendor : Zoho

Description : Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-37415

CVE-2021-40438 - Apache HTTP Server-Side Request Forgery (SSRF) -

Action Due Dec 15, 2021 Target Vendor : Apache

Description : A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-40438

CVE-2021-44077 - Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability -

Action Due Dec 15, 2021 Target Vendor : Zoho

Description : Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-44077

CVE-2020-11261 - Qualcomm Multiple Chipsets Improper Input Validation Vulnerability -

Action Due Jun 01, 2022 Target Vendor : Qualcomm

Description : Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-11261

CVE-2021-22204 - ExifTool Remote Code Execution Vulnerability -

Action Due Dec 01, 2021 Target Vendor : Perl

Description : Improper neutralization of user data in the DjVu file format in Exiftool versions 7.44 and up allows arbitrary code execution when parsing the malicious image

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-22204

CVE-2021-40449 - Microsoft Windows Win32k Privilege Escalation Vulnerability -

Action Due Dec 01, 2021 Target Vendor : Microsoft

Description : Unspecified vulnerability allows for an authenticated user to escalate privileges.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-40449

CVE-2021-42321 - Microsoft Exchange Server Remote Code Execution Vulnerability -

Action Due Dec 01, 2021 Target Vendor : Microsoft

Description : An authenticated attacker could leverage improper validation in cmdlet arguments within Microsoft Exchange and perform remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-42321

CVE-2021-42292 - Microsoft Excel Security Feature Bypass -

Action Due Dec 01, 2021 Target Vendor : Microsoft

Description : A security feature bypass vulnerability in Microsoft Excel would allow a local user to perform arbitrary code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-42292

CVE-2021-26858 - Microsoft Exchange Server Remote Code Execution Vulnerability -

Action Due Apr 16, 2021 Target Vendor : Microsoft

Description : Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : Reference CISA's ED 21-02 (https://www.cisa.gov/news-events/directives/ed-21-02-mitigate-microsoft-exchange-premises-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-02. https://nvd.nist.gov/vuln/detail/CVE-2021-26858

CVE-2016-3976 - SAP NetWeaver Directory Traversal Vulnerability -

Action Due May 03, 2022 Target Vendor : SAP

Description : SAP NetWeaver Application Server Java Platforms contains a directory traversal vulnerability via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet. This allows remote attackers to read files.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-3976

CVE-2021-27065 - Microsoft Exchange Server Remote Code Execution Vulnerability -

Action Due Apr 16, 2021 Target Vendor : Microsoft

Description : Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : Reference CISA's ED 21-02 (https://www.cisa.gov/news-events/directives/ed-21-02-mitigate-microsoft-exchange-premises-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-02. https://nvd.nist.gov/vuln/detail/CVE-2021-27065

CVE-2021-1675 - Microsoft Windows Print Spooler Remote Code Execution Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Microsoft

Description : Microsoft Windows Print Spooler contains an unspecified vulnerability that allows for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-1675

CVE-2021-34448 - Microsoft Windows Scripting Engine Memory Corruption Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Microsoft

Description : Microsoft Windows Scripting Engine contains an unspecified vulnerability that allows for memory corruption.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-34448

CVE-2020-0601 - Microsoft Windows CryptoAPI Spoofing Vulnerability -

Action Due Jan 29, 2020 Target Vendor : Microsoft

Description : Microsoft Windows CryptoAPI (Crypt32.dll) contains a spoofing vulnerability in the way it validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software. The vulnerability is also known under the moniker of CurveBall.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : Reference CISA's ED 20-02 (https://www.cisa.gov/news-events/directives/ed-20-02-mitigate-windows-vulnerabilities-january-2020-patch-tuesday) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 20-02. https://nvd.nist.gov/vuln/detail/CVE-2020-0601

CVE-2020-0646 - Microsoft .NET Framework Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description : Microsoft .NET Framework contains an improper input validation vulnerability that allows for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-0646

CVE-2019-0808 - Microsoft Win32k Privilege Escalation Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description : Microsoft Win32k contains a privilege escalation vulnerability due to the component failing to properly handle objects in memory. Successful exploitation allows an attacker to run code in kernel mode.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-0808