CISA Known Exploited Vulnerabilities

This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).

CVE-2023-36847

Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability

Vendor: Juniper

Product: Junos OS

Added: 2023-11-13

Due Date: 2023-11-17

Description:

Juniper Junos OS on EX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities.

Required Action:

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CWEs:

CWE-306

CVE-2023-36851

Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability

Vendor: Juniper

Product: Junos OS

Added: 2023-11-13

Due Date: 2023-11-17

Description:

Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauth_operation.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities.

Required Action:

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CWEs:

CWE-306

CVE-2023-29552

Service Location Protocol (SLP) Denial-of-Service Vulnerability

Vendor: IETF

Product: Service Location Protocol (SLP)

Added: 2023-11-08

Due Date: 2023-11-29

Description:

The Service Location Protocol (SLP) contains a denial-of-service (DoS) vulnerability that could allow an unauthenticated, remote attacker to register services and use spoofed UDP traffic to conduct a denial-of-service (DoS) attack with a significant amplification factor.

Required Action:

Apply mitigations per vendor instructions or disable SLP service or port 427/UDP on all systems running on untrusted networks, including those directly connected to the Internet.

CVE-2023-22518

Ransomware

Atlassian Confluence Data Center and Server Improper Authorization Vulnerability

Vendor: Atlassian

Product: Confluence Data Center and Server

Added: 2023-11-07

Due Date: 2023-11-28

Description:

Atlassian Confluence Data Center and Server contain an improper authorization vulnerability that can result in significant data loss when exploited by an unauthenticated attacker. There is no impact on confidentiality since the attacker cannot exfiltrate any data.

Required Action:

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CWEs:

CWE-863

CVE-2023-46604

Ransomware

Apache ActiveMQ Deserialization of Untrusted Data Vulnerability

Vendor: Apache

Product: ActiveMQ

Added: 2023-11-02

Due Date: 2023-11-23

Description:

Apache ActiveMQ contains a deserialization of untrusted data vulnerability that may allow a remote attacker with network access to a broker to run shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath.

Required Action:

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CWEs:

CWE-502

CVE-2023-46748

F5 BIG-IP Configuration Utility SQL Injection Vulnerability

Vendor: F5

Product: BIG-IP Configuration Utility

Added: 2023-10-31

Due Date: 2023-11-21

Description:

F5 BIG-IP Configuration utility contains an SQL injection vulnerability that may allow an authenticated attacker with network access through the BIG-IP management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46747.

Required Action:

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CWEs:

CWE-89

CVE-2023-46747

Ransomware

F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability

Vendor: F5

Product: BIG-IP Configuration Utility

Added: 2023-10-31

Due Date: 2023-11-21

Description:

F5 BIG-IP Configuration utility contains an authentication bypass using an alternate path or channel vulnerability due to undisclosed requests that may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46748.

Required Action:

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CWEs:

CWE-288

CVE-2023-5631

Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability

Vendor: Roundcube

Product: Webmail

Added: 2023-10-26

Due Date: 2023-11-16

Description:

Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that allows a remote attacker to run malicious JavaScript code.

Required Action:

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CWEs:

CWE-79

CVE-2023-20273

Cisco IOS XE Web UI Command Injection Vulnerability

Vendor: Cisco

Product: Cisco IOS XE Web UI

Added: 2023-10-23

Due Date: 2023-10-27

Description:

Cisco IOS XE contains a command injection vulnerability in the web user interface. When chained with CVE-2023-20198, the attacker can leverage the new local user to elevate privilege to root and write the implant to the file system. Cisco identified CVE-2023-20273 as the vulnerability exploited to deploy the implant. CVE-2021-1435, previously associated with the exploitation events, is no longer believed to be related to this activity.

Required Action:

Verify that instances of Cisco IOS XE Web UI are in compliance with BOD 23-02 and apply mitigations per vendor instructions. For affected products (Cisco IOS XE Web UI exposed to the internet or to untrusted networks), follow vendor instructions to determine if a system may have been compromised and immediately report positive findings to CISA.

CWEs:

CWE-78

CVE-2023-4966

Ransomware

Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability

Vendor: Citrix

Product: NetScaler ADC and NetScaler Gateway

Added: 2023-10-18

Due Date: 2023-11-08

Description:

Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

Required Action:

Apply mitigations and kill all active and persistent sessions per vendor instructions [https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/] OR discontinue use of the product if mitigations are unavailable.

CWEs:

CWE-119

CVE-2023-20198

Cisco IOS XE Web UI Privilege Escalation Vulnerability

Vendor: Cisco

Product: IOS XE Web UI

Added: 2023-10-16

Due Date: 2023-10-20

Description:

Cisco IOS XE Web UI contains a privilege escalation vulnerability in the web user interface that could allow a remote, unauthenticated attacker to create an account with privilege level 15 access. The attacker can then use that account to gain control of the affected device.

Required Action:

Verify that instances of Cisco IOS XE Web UI are in compliance with BOD 23-02 and apply mitigations per vendor instructions. For affected products (Cisco IOS XE Web UI exposed to the internet or to untrusted networks), follow vendor instructions to determine if a system may have been compromised and immediately report positive findings to CISA.

CWEs:

CWE-420

CVE-2023-21608

Adobe Acrobat and Reader Use-After-Free Vulnerability

Vendor: Adobe

Product: Acrobat and Reader

Added: 2023-10-10

Due Date: 2023-10-31

Description:

Adobe Acrobat and Reader contains a use-after-free vulnerability that allows for code execution in the context of the current user.

Required Action:

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CWEs:

CWE-416

CVE-2023-20109

Cisco IOS and IOS XE Group Encrypted Transport VPN Out-of-Bounds Write Vulnerability

Vendor: Cisco

Product: IOS and IOS XE

Added: 2023-10-10

Due Date: 2023-10-31

Description:

Cisco IOS and IOS XE contain an out-of-bounds write vulnerability in the Group Encrypted Transport VPN (GET VPN) feature that could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute malicious code or cause a device to crash.

Required Action:

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CWEs:

CWE-787

CVE-2023-41763

Microsoft Skype for Business Privilege Escalation Vulnerability

Vendor: Microsoft

Product: Skype for Business

Added: 2023-10-10

Due Date: 2023-10-31

Description:

Microsoft Skype for Business contains an unspecified vulnerability that allows for privilege escalation.

Required Action:

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CWEs:

CWE-918

CVE-2023-36563

Microsoft WordPad Information Disclosure Vulnerability

Vendor: Microsoft

Product: WordPad

Added: 2023-10-10

Due Date: 2023-10-31

Description:

Microsoft WordPad contains an unspecified vulnerability that allows for information disclosure.

Required Action:

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CWEs:

CWE-20