CISA Known Exploited Vulnerabilities (KEV)

CVE-2021-31199 - Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Microsoft

Description : Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-31199

CVE-2014-1812 - Microsoft Windows Group Policy Preferences Password Privilege Escalation Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description : Microsoft Windows Active Directory contains a privilege escalation vulnerability due to the way it distributes passwords that are configured using Group Policy preferences. An authenticated attacker who successfully exploits the vulnerability could decrypt the passwords and use them to elevate privileges on the domain.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2014-1812

CVE-2016-3718 - ImageMagick Server-Side Request Forgery (SSRF) Vulnerability -

Action Due May 03, 2022 Target Vendor : ImageMagick

Description : ImageMagick contains an unspecified vulnerability that allows attackers to perform server-side request forgery (SSRF) via a crafted image.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-3718

CVE-2020-4427 - IBM Data Risk Manager Security Bypass Vulnerability -

Action Due May 03, 2022 Target Vendor : IBM

Description : IBM Data Risk Manager contains a security bypass vulnerability that could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-4427

CVE-2021-30563 - Google Chromium V8 Type Confusion Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Google

Description : Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-30563

CVE-2021-37973 - Google Chromium Portals Use-After-Free Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Google

Description : Google Chromium Portals contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects web browsers that utilize Chromium, including Google Chrome and Microsoft Edge.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-37973

CVE-2020-16013 - Google Chromium V8 Incorrect Implementation Vulnerabililty -

Action Due May 03, 2022 Target Vendor : Google

Description : Google Chromium V8 Engine contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-16013

CVE-2020-16010 - Google Chrome for Android UI Heap Buffer Overflow Vulnerability -

Action Due May 03, 2022 Target Vendor : Google

Description : Google Chrome for Android UI contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-16010

CVE-2020-8657 - EyesOfNetwork Use of Hard-Coded Credentials Vulnerability -

Action Due May 03, 2022 Target Vendor : EyesOfNetwork

Description : EyesOfNetwork contains a use of hard-coded credentials vulnerability, as it uses the same API key by default. Exploitation allows an attacker to calculate or guess the admin access token.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-8657

CVE-2018-7600 - Drupal Core Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : Drupal

Description : Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-7600

CVE-2018-15811 - DotNetNuke (DNN) Inadequate Encryption Strength Vulnerability -

Action Due May 03, 2022 Target Vendor : DotNetNuke (DNN)

Description : DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-15811

CVE-2020-3569 - Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability -

Action Due May 03, 2022 Target Vendor : Cisco

Description : Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated, remote attacker to immediately crash the IGMP process or make it consume available memory and eventually crash.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-3569

CVE-2020-3118 - Cisco IOS XR Software Discovery Protocol Format String Vulnerability -

Action Due May 03, 2022 Target Vendor : Cisco

Description : Cisco IOS XR improperly validates string input from certain fields in Cisco Discovery Protocol messages. Exploitation could allow an unauthenticated, adjacent attacker to execute code with administrative privileges or cause a reload on an affected device.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-3118

CVE-2021-30761 - Apple iOS WebKit Memory Corruption Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Apple

Description : Apple iOS WebKit contains a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-30761

CVE-2019-3398 - Atlassian Confluence Server and Data Center Path Traversal Vulnerability -

Action Due May 03, 2022 Target Vendor : Atlassian

Description : Atlassian Confluence Server and Data Center contain a path traversal vulnerability in the downloadallattachments resource that may allow a privileged, remote attacker to write files. Exploitation can lead to remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-3398

CVE-2021-27104 - Accellion FTA OS Command Injection Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Accellion

Description : Accellion FTA contains an OS command injection vulnerability exploited via a crafted POST request to various admin endpoints.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-27104

CVE-2021-27102 - Accellion FTA OS Command Injection Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Accellion

Description : Accellion FTA contains an OS command injection vulnerability exploited via a local web service call.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-27102