CISA Known Exploited Vulnerabilities (KEV)

CVE-2020-10987 - Tenda AC1900 Router AC15 Model Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : Tenda

Description : Tenda AC1900 Router AC15 Model contains an unspecified vulnerability that allows remote attackers to execute system commands via the deviceName POST parameter.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-10987

CVE-2021-22502 - Micro Focus Operation Bridge Report (OBR) Remote Code Execution Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Micro Focus

Description : Micro Focus Operation Bridge Report (OBR) contains an unspecified vulnerability that allows for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-22502

CVE-2021-33739 - Microsoft Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Microsoft

Description : Microsoft Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-33739

CVE-2016-0185 - Microsoft Windows Media Center Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description : Microsoft Windows Media Center contains a remote code execution vulnerability when Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-0185

CVE-2020-0683 - Microsoft Windows Installer Privilege Escalation Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description : Microsoft Windows Installer contains a privilege escalation vulnerability when MSI packages process symbolic links, which allows attackers to bypass access restrictions to add or remove files.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-0683

CVE-2021-26857 - Microsoft Exchange Server Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description : Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes : Reference CISA's ED 21-02 (https://www.cisa.gov/news-events/directives/ed-21-02-mitigate-microsoft-exchange-premises-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-02. https://nvd.nist.gov/vuln/detail/CVE-2021-26857

CVE-2016-3235 - Microsoft Office OLE DLL Side Loading Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description : Microsoft Office Object Linking & Embedding (OLE) dynamic link library (DLL) contains a side loading vulnerability due to it improperly validating input before loading libraries. Successful exploitation allows for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-3235

CVE-2021-38648 - Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Microsoft

Description : Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-38648

CVE-2020-6819 - Mozilla Firefox And Thunderbird Use-After-Free Vulnerability -

Action Due May 03, 2022 Target Vendor : Mozilla

Description : Mozilla Firefox and Thunderbird contain a race condition vulnerability when running the nsDocShell destructor under certain conditions. The race condition creates a use-after-free vulnerability, causing unspecified impacts.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-6819

CVE-2015-1641 - Microsoft Office Memory Corruption Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description : Microsoft Office contains a memory corruption vulnerability due to failure to properly handle rich text format files in memory. Successful exploitation allows for remote code execution in the context of the current user.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-1641

CVE-2019-0541 - Microsoft MSHTML Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description : Microsoft MSHTML engine contains an improper input validation vulnerability that allows for remote code execution vulnerability.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-0541

CVE-2017-11882 - Microsoft Office Memory Corruption Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description : Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-11882

CVE-2020-8243 - Ivanti Pulse Connect Secure Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : Ivanti

Description : Ivanti Pulse Connect Secure contains an unspecified vulnerability in the admin web interface that could allow an authenticated attacker to upload a custom template to perform code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : Reference CISA's ED 21-03 (https://www.cisa.gov/news-events/directives/ed-21-03-mitigate-pulse-connect-secure-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-03. https://nvd.nist.gov/vuln/detail/CVE-2020-8243

CVE-2021-22900 - Ivanti Pulse Connect Secure Unrestricted File Upload Vulnerability -

Action Due May 03, 2022 Target Vendor : Ivanti

Description : Ivanti Pulse Connect Secure contains an unrestricted file upload vulnerability that allows an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : Reference CISA's ED 21-03 (https://www.cisa.gov/news-events/directives/ed-21-03-mitigate-pulse-connect-secure-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-03. https://nvd.nist.gov/vuln/detail/CVE-2021-22900

CVE-2020-8260 - Ivanti Pulse Connect Secure Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : Ivanti

Description : Pulse Connect Secure contains an unspecified vulnerability that allows an authenticated attacker to perform code execution using uncontrolled gzip extraction.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : Reference CISA's ED 21-03 (https://www.cisa.gov/news-events/directives/ed-21-03-mitigate-pulse-connect-secure-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-03. https://nvd.nist.gov/vuln/detail/CVE-2020-8260

CVE-2020-8195 - Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability -

Action Due May 03, 2022 Target Vendor : Citrix

Description : Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-8195

CVE-2020-8196 - Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability -

Action Due May 03, 2022 Target Vendor : Citrix

Description : Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-8196

CVE-2019-11634 - Citrix Workspace Application and Receiver for Windows Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : Citrix

Description : Citrix Workspace Application and Receiver for Windows contains remote code execution vulnerability resulting from local drive access preferences not being enforced into the clients' local drives.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-11634

CVE-2020-29557 - D-Link DIR-825 R1 Devices Buffer Overflow Vulnerability -

Action Due May 03, 2022 Target Vendor : D-Link

Description : D-Link DIR-825 R1 devices contain a buffer overflow vulnerability in the web interface that may allow for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-29557

CVE-2020-25506 - D-Link DNS-320 Device Command Injection Vulnerability -

Action Due May 03, 2022 Target Vendor : D-Link

Description : D-Link DNS-320 device contains a command injection vulnerability in the sytem_mgr.cgi component that may allow for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-25506