CISA Known Exploited Vulnerabilities (KEV)

CVE-2017-11882 - Microsoft Office Memory Corruption Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description : Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-11882

CVE-2019-1367 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description : Microsoft Internet Explorer contains a memory corruption vulnerability in how the scripting engine handles objects in memory. Successful exploitation allows for remote code execution in the context of the current user.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-1367

CVE-2020-1472 - Microsoft Netlogon Privilege Escalation Vulnerability -

Action Due Sep 21, 2020 Target Vendor : Microsoft

Description : Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller. An attacker who successfully exploits the vulnerability could run a specially crafted application on a device on the network. The vulnerability is also known under the moniker of Zerologon.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : Reference CISA's ED 20-04 (https://www.cisa.gov/news-events/directives/ed-20-04-mitigate-netlogon-elevation-privilege-vulnerability-august-2020-patch-tuesday) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 20-04. https://nvd.nist.gov/vuln/detail/CVE-2020-1472

CVE-2021-26855 - Microsoft Exchange Server Remote Code Execution Vulnerability -

Action Due Apr 16, 2021 Target Vendor : Microsoft

Description : Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : Reference CISA's ED 21-02 (https://www.cisa.gov/news-events/directives/ed-21-02-mitigate-microsoft-exchange-premises-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-02. https://nvd.nist.gov/vuln/detail/CVE-2021-26855

CVE-2021-27101 - Accellion FTA SQL Injection Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Accellion

Description : Accellion FTA contains a SQL injection vulnerability exploited via a crafted host header in a request to document_root.html.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-27101

CVE-2021-27103 - Accellion FTA Server-Side Request Forgery (SSRF) Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Accellion

Description : Accellion FTA contains a server-side request forgery (SSRF) vulnerability exploited via a crafted POST request to wmProgressstat.html.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-27103

CVE-2021-21017 - Adobe Acrobat and Reader Heap-based Buffer Overflow Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Adobe

Description : Acrobat Acrobat and Reader contain a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-21017

CVE-2021-28550 - Adobe Acrobat and Reader Use-After-Free Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Adobe

Description : Adobe Acrobat and Reader contains a use-after-free vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-28550

CVE-2018-4939 - Adobe ColdFusion Deserialization of Untrusted Data Vulnerability -

Action Due May 03, 2022 Target Vendor : Adobe

Description : Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could allow for code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-4939

CVE-2018-15961 - Adobe ColdFusion Unrestricted File Upload Vulnerability -

Action Due May 03, 2022 Target Vendor : Adobe

Description : Adobe ColdFusion contains an unrestricted file upload vulnerability that could allow for code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-15961

CVE-2020-5735 - Amcrest Cameras and NVR Stack-based Buffer Overflow Vulnerability -

Action Due May 03, 2022 Target Vendor : Amcrest

Description : Amcrest cameras and NVR contain a stack-based buffer overflow vulnerability through port 37777 that allows an unauthenticated, remote attacker to crash the device and possibly execute code.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-5735

CVE-2019-2215 - Android Kernel Use-After-Free Vulnerability -

Action Due May 03, 2022 Target Vendor : Android

Description : Android Kernel contains a use-after-free vulnerability in binder.c that allows for privilege escalation from an application to the Linux Kernel. This vulnerability was observed chained with CVE-2020-0041 and CVE-2020-0069 under exploit chain "AbstractEmu."

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-2215

CVE-2020-0069 - Mediatek Multiple Chipsets Insufficient Input Validation Vulnerability -

Action Due May 03, 2022 Target Vendor : MediaTek

Description : Multiple MediaTek chipsets contain an insufficient input validation vulnerability and have missing SELinux restrictions in the Command Queue drivers ioctl handlers. This causes an out-of-bounds write leading to privilege escalation. This vulnerability was observed chained with CVE-2019-2215 and CVE-2020-0041 under exploit chain "AbstractEmu."

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-0069

CVE-2017-9805 - Apache Struts Deserialization of Untrusted Data Vulnerability -

Action Due May 03, 2022 Target Vendor : Apache

Description : Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deserializing XML payloads.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-9805

CVE-2021-42013 - Apache HTTP Server Path Traversal Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Apache

Description : Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default require all denied or if CGI scripts are enabled. This CVE ID resolves an incomplete patch for CVE-2021-41773.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-42013

CVE-2021-41773 - Apache HTTP Server Path Traversal Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Apache

Description : Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default �require all denied� or if CGI scripts are enabled. The original patch issued under this CVE ID is insufficient, please review remediation information under CVE-2021-42013.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-41773

CVE-2019-0211 - Apache HTTP Server Privilege Escalation Vulnerability -

Action Due May 03, 2022 Target Vendor : Apache

Description : Apache HTTP Server, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute code with the privileges of the parent process (usually root) by manipulating the scoreboard.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-0211

CVE-2016-4437 - Apache Shiro Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : Apache

Description : Apache Shiro contains a vulnerability which may allow remote attackers to execute code or bypass intended access restrictions via an unspecified request parameter when a cipher key has not been configured for the "remember me" feature.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-4437

CVE-2019-17558 - Apache Solr VelocityResponseWriter Plug-In Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : Apache

Description : The Apache Solr VelocityResponseWriter plug-in contains an unspecified vulnerability which can allow for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-17558

CVE-2020-17530 - Apache Struts Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : Apache

Description : Forced Object-Graph Navigation Language (OGNL) evaluation in Apache Struts, when evaluated on raw user input in tag attributes, can lead to remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-17530