CISA Known Exploited Vulnerabilities (KEV)

CVE-2019-10758 - MongoDB mongo-express Remote Code Execution Vulnerability -

Action Due Jun 10, 2022 Target Vendor : MongoDB

Description : mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-10758

CVE-2020-8816 - Pi-Hole AdminLTE Remote Code Execution Vulnerability -

Action Due Jun 10, 2022 Target Vendor : Pi-hole

Description : Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-8816

CVE-2010-1871 - Red Hat Linux JBoss Seam 2 Remote Code Execution Vulnerability -

Action Due Jun 10, 2022 Target Vendor : Red Hat

Description : JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, allows attackers to perform remote code execution. This vulnerability can only be exploited when the Java Security Manager is not properly configured.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2010-1871

CVE-2019-7238 - Sonatype Nexus Repository Manager Incorrect Access Control Vulnerability -

Action Due Jun 10, 2022 Target Vendor : Sonatype

Description : Sonatype Nexus Repository Manager before 3.15.0 has an incorrect access control vulnerability. Exploitation allows for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-7238

CVE-2021-40438 - Apache HTTP Server-Side Request Forgery (SSRF) -

Action Due Dec 15, 2021 Target Vendor : Apache

Description : A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-40438

CVE-2021-37415 - Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability -

Action Due Dec 15, 2021 Target Vendor : Zoho

Description : Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-37415

CVE-2021-44077 - Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability -

Action Due Dec 15, 2021 Target Vendor : Zoho

Description : Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-44077

CVE-2020-11261 - Qualcomm Multiple Chipsets Improper Input Validation Vulnerability -

Action Due Jun 01, 2022 Target Vendor : Qualcomm

Description : Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-11261

CVE-2018-14847 - MikroTik Router OS Directory Traversal Vulnerability -

Action Due Jun 01, 2022 Target Vendor : MikroTik

Description : MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-14847

CVE-2021-42321 - Microsoft Exchange Server Remote Code Execution Vulnerability -

Action Due Dec 01, 2021 Target Vendor : Microsoft

Description : An authenticated attacker could leverage improper validation in cmdlet arguments within Microsoft Exchange and perform remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 17, 2021

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-42321

CVE-2021-40449 - Microsoft Windows Win32k Privilege Escalation Vulnerability -

Action Due Dec 01, 2021 Target Vendor : Microsoft

Description : Unspecified vulnerability allows for an authenticated user to escalate privileges.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 17, 2021

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-40449

CVE-2021-22204 - ExifTool Remote Code Execution Vulnerability -

Action Due Dec 01, 2021 Target Vendor : Perl

Description : Improper neutralization of user data in the DjVu file format in Exiftool versions 7.44 and up allows arbitrary code execution when parsing the malicious image

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-22204

CVE-2021-42292 - Microsoft Excel Security Feature Bypass -

Action Due Dec 01, 2021 Target Vendor : Microsoft

Description : A security feature bypass vulnerability in Microsoft Excel would allow a local user to perform arbitrary code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-42292

CVE-2019-11510 - Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability -

Action Due May 03, 2022 Target Vendor : Ivanti

Description : Ivanti Pulse Connect Secure contains an arbitrary file read vulnerability that allows an unauthenticated remote attacker with network access via HTTPS to send a specially crafted URI.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes : Reference CISA's ED 21-03 (https://www.cisa.gov/news-events/directives/ed-21-03-mitigate-pulse-connect-secure-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-03. https://nvd.nist.gov/vuln/detail/CVE-2019-11510

CVE-2019-5544 - VMware ESXi and Horizon DaaS OpenSLP Heap-Based Buffer Overflow Vulnerability -

Action Due May 03, 2022 Target Vendor : VMware

Description : VMware ESXi and Horizon Desktop as a Service (DaaS) OpenSLP contains a heap-based buffer overflow vulnerability that allows an attacker with network access to port 427 to overwrite the heap of the OpenSLP service to perform remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-5544

CVE-2021-20021 - SonicWall Email Security Improper Privilege Management Vulnerability -

Action Due Nov 17, 2021 Target Vendor : SonicWall

Description : SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20022 and CVE-2021-20023 to achieve privilege escalation.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-20021

CVE-2021-34527 - Microsoft Windows Print Spooler Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description : Microsoft Windows Print Spooler contains an unspecified vulnerability due to the Windows Print Spooler service improperly performing privileged file operations. Successful exploitation allows an attacker to perform remote code execution with SYSTEM privileges. The vulnerability is also known under the moniker of PrintNightmare.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes : Reference CISA's ED 21-04 (https://www.cisa.gov/news-events/directives/ed-21-04-mitigate-windows-print-spooler-service-vulnerability) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-04. https://nvd.nist.gov/vuln/detail/CVE-2021-34527

CVE-2018-7600 - Drupal Core Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : Drupal

Description : Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-7600

CVE-2017-5638 - Apache Struts Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : Apache

Description : Apache Struts Jakarta Multipart parser allows for malicious file upload using the Content-Type value, leading to remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-5638

CVE-2021-27104 - Accellion FTA OS Command Injection Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Accellion

Description : Accellion FTA contains an OS command injection vulnerability exploited via a crafted POST request to various admin endpoints.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-27104