CISA Known Exploited Vulnerabilities (KEV)

CVE-2020-10221 - rConfig OS Command Injection Vulnerability -

Action Due May 03, 2022 Target Vendor : rConfig

Description : rConfig lib/ajaxHandlers/ajaxAddTemplate.php contains an OS command injection vulnerability that allows remote attackers to execute OS commands via shell metacharacters in the fileName POST parameter.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-10221

CVE-2021-22899 - Ivanti Pulse Connect Secure Command Injection Vulnerability -

Action Due May 03, 2022 Target Vendor : Ivanti

Description : Ivanti Pulse Connect Secure contains a command injection vulnerability that allows remote authenticated users to perform remote code execution via Windows File Resource Profiles.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : Reference CISA's ED 21-03 (https://www.cisa.gov/news-events/directives/ed-21-03-mitigate-pulse-connect-secure-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-03. https://nvd.nist.gov/vuln/detail/CVE-2021-22899

CVE-2020-6207 - SAP Solution Manager Missing Authentication for Critical Function Vulnerability -

Action Due May 03, 2022 Target Vendor : SAP

Description : SAP Solution Manager User Experience Monitoring contains a missing authentication for critical function vulnerability which results in complete compromise of all SMDAgents connected to the Solution Manager.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-6207

CVE-2021-35395 - Realtek AP-Router SDK Buffer Overflow Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Realtek

Description : Realtek AP-Router SDK HTTP web server boa contains a buffer overflow vulnerability due to unsafe copies of some overly long parameters submitted in the form that lead to denial-of-service (DoS).

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-35395

CVE-2017-16651 - Roundcube Webmail File Disclosure Vulnerability -

Action Due May 03, 2022 Target Vendor : Roundcube

Description : Roundcube Webmail contains a file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-16651

CVE-2020-11652 - SaltStack Salt Path Traversal Vulnerability -

Action Due May 03, 2022 Target Vendor : SaltStack

Description : SaltStack Salt contains a path traversal vulnerability in the salt-master process ClearFuncs which allows directory access to authenticated users. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-11652

CVE-2020-16846 - SaltStack Salt Shell Injection Vulnerability -

Action Due May 03, 2022 Target Vendor : SaltStack

Description : SaltStack Salt allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt API using the SSH client. This vulnerability affects any users running the Salt API.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-16846

CVE-2019-16256 - SIMalliance Toolbox Browser Command Injection Vulnerability -

Action Due May 03, 2022 Target Vendor : SIMalliance

Description : SIMalliance Toolbox Browser contains an command injection vulnerability that could allow remote attackers to retrieve location and IMEI information or execute a range of other attacks by modifying the attack message.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-16256

CVE-2020-10148 - SolarWinds Orion Authentication Bypass Vulnerability -

Action Due May 03, 2022 Target Vendor : SolarWinds

Description : SolarWinds Orion API contains an authentication bypass vulnerability that could allow a remote attacker to execute API commands.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-10148

CVE-2017-6327 - Symantec Messaging Gateway Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : Symantec

Description : Symantec Messaging Gateway contains an unspecified vulnerability which can allow for remote code execution. With the ability to perform remote code execution, an attacker may also desire to perform privilege escalating actions.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-6327

CVE-2021-31755 - Tenda AC11 Router Stack Buffer Overflow Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Tenda

Description : Tenda AC11 devices contain a stack buffer overflow vulnerability in /goform/setmac which allows attackers to execute code via a crafted post request.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-31755

CVE-2021-20023 - SonicWall Email Security Path Traversal Vulnerability -

Action Due Nov 17, 2021 Target Vendor : SonicWall

Description : SonicWall Email Security contains a path traversal vulnerability that allows a post-authenticated attacker to read files on the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20022 to achieve privilege escalation.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-20023

CVE-2021-20016 - SonicWall SSLVPN SMA100 SQL Injection Vulnerability -

Action Due Nov 17, 2021 Target Vendor : SonicWall

Description : SonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-20016

CVE-2020-12271 - Sophos SFOS SQL Injection Vulnerability -

Action Due May 03, 2022 Target Vendor : Sophos

Description : Sophos Firewall operating system (SFOS) firmware contains a SQL injection vulnerability when configured with either the administration (HTTPS) service or the User Portal is exposed on the WAN zone. Successful exploitation may cause remote code execution to exfiltrate usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords).

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-12271

CVE-2018-20062 - ThinkPHP "noneCms" Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : ThinkPHP

Description : ThinkPHP "noneCms" contains an unspecified vulnerability that allows for remote code execution through crafted use of the filter parameter.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-20062

CVE-2019-9082 - ThinkPHP Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : ThinkPHP

Description : ThinkPHP contains an unspecified vulnerability that allows for remote code execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-9082

CVE-2019-18187 - Trend Micro OfficeScan Directory Traversal Vulnerability -

Action Due May 03, 2022 Target Vendor : Trend Micro

Description : Trend Micro OfficeScan contains a directory traversal vulnerability by extracting files from a zip file to a specific folder on the OfficeScan server, leading to remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-18187

CVE-2020-8467 - Trend Micro Apex One and OfficeScan Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : Trend Micro

Description : Trend Micro Apex One and OfficeScan contain an unspecified vulnerability within a migration tool component that allows for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-8467

CVE-2020-8468 - Trend Micro Multiple Products Content Validation Escape Vulnerability -

Action Due May 03, 2022 Target Vendor : Trend Micro

Description : Trend Micro Apex One, OfficeScan, and Worry-Free Business Security agents contain a content validation escape vulnerability that could allow an attacker to manipulate certain agent client components.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-8468

CVE-2020-24557 - Trend Micro Multiple Products Improper Access Control Vulnerability -

Action Due May 03, 2022 Target Vendor : Trend Micro

Description : Trend Micro Apex One, OfficeScan, and Worry-Free Business Security on Microsoft Windows contain an improper access control vulnerability that may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function, and attain privilege escalation.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-24557