CISA Known Exploited Vulnerabilities (KEV)

CVE-2020-8467 - Trend Micro Apex One and OfficeScan Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : Trend Micro

Description : Trend Micro Apex One and OfficeScan contain an unspecified vulnerability within a migration tool component that allows for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-8467

CVE-2020-8468 - Trend Micro Multiple Products Content Validation Escape Vulnerability -

Action Due May 03, 2022 Target Vendor : Trend Micro

Description : Trend Micro Apex One, OfficeScan, and Worry-Free Business Security agents contain a content validation escape vulnerability that could allow an attacker to manipulate certain agent client components.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-8468

CVE-2020-8599 - Trend Micro Apex One and OfficeScan Authentication Bypass Vulnerability -

Action Due May 03, 2022 Target Vendor : Trend Micro

Description : Trend Micro Apex One and OfficeScan server contain a vulnerable EXE file that could allow a remote attacker to write data to a path on affected installations and bypass root login.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-8599

CVE-2021-36742 - Trend Micro Multiple Products Improper Input Validation Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Trend Micro

Description : Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows for privilege escalation.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://success.trendmicro.com/dcx/s/solution/000287819?language=en_US, https://success.trendmicro.com/dcx/s/solution/000287820?language=en_US; https://nvd.nist.gov/vuln/detail/CVE-2021-36742

CVE-2021-36741 - Trend Micro Multiple Products Improper Input Validation Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Trend Micro

Description : Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows a remote attacker to upload files.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://success.trendmicro.com/dcx/s/solution/000287819?language=en_US, https://success.trendmicro.com/dcx/s/solution/000287820?language=en_US; https://nvd.nist.gov/vuln/detail/CVE-2021-36741

CVE-2019-20085 - TVT NVMS-1000 Directory Traversal Vulnerability -

Action Due May 03, 2022 Target Vendor : TVT

Description : TVT devices utilizing NVMS-1000 software contain a directory traversal vulnerability via GET /.. requests.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-20085

CVE-2020-5849 - Unraid Authentication Bypass Vulnerability -

Action Due May 03, 2022 Target Vendor : Unraid

Description : Unraid contains an authentication bypass vulnerability that allows attackers to gain access to the administrative interface. This CVE is chainable with CVE-2020-5847 for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-5849

CVE-2019-16759 - vBulletin PHP Module Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : vBulletin

Description : The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-16759

CVE-2020-17496 - vBulletin PHP Module Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : vBulletin

Description : The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. This CVE ID resolves an incomplete patch for CVE-2019-16759.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-17496

CVE-2020-3992 - VMware ESXi OpenSLP Use-After-Free Vulnerability -

Action Due May 03, 2022 Target Vendor : VMware

Description : VMware ESXi OpenSLP contains a use-after-free vulnerability that allows an attacker residing in the management network with access to port 427 to perform remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-3992

CVE-2020-3950 - VMware Multiple Products Privilege Escalation Vulnerability -

Action Due May 03, 2022 Target Vendor : VMware

Description : VMware Fusion, Remote Console (VMRC) for Mac, and Horizon Client for Mac contain a privilege escalation vulnerability due to improper use of setuid binaries that allows attackers to escalate privileges to root.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-3950

CVE-2021-22005 - VMware vCenter Server File Upload Vulnerability -

Action Due Nov 17, 2021 Target Vendor : VMware

Description : VMware vCenter Server contains a file upload vulnerability in the Analytics service that allows a user with network access to port 443 to execute code.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-22005

CVE-2020-3952 - VMware vCenter Server Information Disclosure Vulnerability -

Action Due May 03, 2022 Target Vendor : VMware

Description : VMware vCenter Server contains an information disclosure vulnerability in the VMware Directory Service (vmdir) when the Platform Services Controller (PSC) does not correctly implement access controls. Successful exploitation allows an attacker with network access to port 389 to extract sensitive information.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-3952

CVE-2021-21972 - VMware vCenter Server Remote Code Execution Vulnerability -

Action Due Nov 17, 2021 Target Vendor : VMware

Description : VMware vCenter Server vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin which allows an attacker with network access to port 443 to execute commands with unrestricted privileges on the underlying operating system.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-21972

CVE-2021-21985 - VMware vCenter Server Improper Input Validation Vulnerability -

Action Due Nov 17, 2021 Target Vendor : VMware

Description : VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server, which allows for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-21985

CVE-2020-4006 - Multiple VMware Products Command Injection Vulnerability -

Action Due May 03, 2022 Target Vendor : VMware

Description : VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability. An attacker with network access to the administrative configurator on port 8443 and a valid password for the configurator administrator account can execute commands with unrestricted privileges on the underlying operating system.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-4006

CVE-2020-25213 - WordPress File Manager Plugin Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : WordPress

Description : WordPress File Manager plugin contains a remote code execution vulnerability that allows unauthenticated users to execute PHP code and upload malicious files on a target site.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-25213

CVE-2020-11738 - WordPress Snap Creek Duplicator Plugin File Download Vulnerability -

Action Due May 03, 2022 Target Vendor : WordPress

Description : WordPress Snap Creek Duplicator plugin contains a file download vulnerability when an administrator creates a new copy of their site that allows an attacker to download the generated files from their Wordpress dashboard. This vulnerability affects Duplicator and Dulplicator Pro.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-11738

CVE-2019-9978 - WordPress Social Warfare Plugin Cross-Site Scripting (XSS) Vulnerability -

Action Due May 03, 2022 Target Vendor : WordPress

Description : WordPress Social Warfare plugin contains a cross-site scripting (XSS) vulnerability that allows for remote code execution. This vulnerability affects Social Warfare and Social Warfare Pro.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-9978

CVE-2021-27561 - Yealink Device Management Server-Side Request Forgery (SSRF) Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Yealink

Description : Yealink Device Management contains a server-side request forgery (SSRF) vulnerability that allows for unauthenticated remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-27561