CISA Known Exploited Vulnerabilities

This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).

CVE-2022-23176

WatchGuard Firebox and XTM Privilege Escalation Vulnerability

Vendor: WatchGuard

Product: Firebox and XTM

Added: 2022-04-11

Due Date: 2022-05-02

Description:

WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access.

Required Action:

Apply updates per vendor instructions.

CVE-2021-42287

Ransomware

Microsoft Active Directory Domain Services Privilege Escalation Vulnerability

Vendor: Microsoft

Product: Active Directory

Added: 2022-04-11

Due Date: 2022-05-02

Description:

Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-269

CVE-2021-42278

Ransomware

Microsoft Active Directory Domain Services Privilege Escalation Vulnerability

Vendor: Microsoft

Product: Active Directory

Added: 2022-04-11

Due Date: 2022-05-02

Description:

Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-20

CVE-2021-39793

Google Pixel Out-of-Bounds Write Vulnerability

Vendor: Google

Product: Pixel

Added: 2022-04-11

Due Date: 2022-05-02

Description:

Google Pixel contains a possible out-of-bounds write due to a logic error in the code that could lead to local escalation of privilege.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-787

CVE-2021-27852

Checkbox Survey Deserialization of Untrusted Data Vulnerability

Vendor: Checkbox

Product: Checkbox Survey

Added: 2022-04-11

Due Date: 2022-05-02

Description:

Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code.

Required Action:

Versions 6 and earlier for this product are end-of-life and must be removed from agency networks. Versions 7 and later are not considered vulnerable.

CWEs:

CWE-502

CVE-2021-22600

Linux Kernel Privilege Escalation Vulnerability

Vendor: Linux

Product: Kernel

Added: 2022-04-11

Due Date: 2022-05-02

Description:

Linux Kernel contains a flaw in the packet socket (AF_PACKET) implementation which could lead to incorrectly freeing memory. A local user could exploit this for denial-of-service (DoS) or possibly for privilege escalation.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-415

CVE-2020-2509

QNAP Network-Attached Storage (NAS) Command Injection Vulnerability

Vendor: QNAP

Product: QNAP Network-Attached Storage (NAS)

Added: 2022-04-11

Due Date: 2022-05-02

Description:

QNAP NAS devices contain a command injection vulnerability which could allow attackers to perform remote code execution.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-77 CWE-78

CVE-2017-11317

Telerik UI for ASP.NET AJAX Unrestricted File Upload Vulnerability

Vendor: Telerik

Product: User Interface (UI) for ASP.NET AJAX

Added: 2022-04-11

Due Date: 2022-05-02

Description:

Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX allows remote attackers to perform arbitrary file uploads or execute arbitrary code.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-326

CVE-2021-3156

Sudo Heap-Based Buffer Overflow Vulnerability

Vendor: Sudo

Product: Sudo

Added: 2022-04-06

Due Date: 2022-04-27

Description:

Sudo contains an off-by-one error that can result in a heap-based buffer overflow, which allows for privilege escalation.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-122 CWE-193

CVE-2021-31166

Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability

Vendor: Microsoft

Product: HTTP Protocol Stack

Added: 2022-04-06

Due Date: 2022-04-27

Description:

Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-416

CVE-2017-0148

Ransomware

Microsoft SMBv1 Server Remote Code Execution Vulnerability

Vendor: Microsoft

Product: SMBv1 server

Added: 2022-04-06

Due Date: 2022-04-27

Description:

The SMBv1 server in Microsoft allows remote attackers to execute arbitrary code via crafted packets.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-20

CVE-2022-22965

Spring Framework JDK 9+ Remote Code Execution Vulnerability

Vendor: VMware

Product: Spring Framework

Added: 2022-04-04

Due Date: 2022-04-25

Description:

Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-94

CVE-2022-22675

Apple macOS Out-of-Bounds Write Vulnerability

Vendor: Apple

Product: macOS

Added: 2022-04-04

Due Date: 2022-04-25

Description:

macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-20 CWE-125

CVE-2022-22674

Apple macOS Out-of-Bounds Read Vulnerability

Vendor: Apple

Product: macOS

Added: 2022-04-04

Due Date: 2022-04-25

Description:

macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-20 CWE-125

CVE-2021-45382

D-Link Multiple Routers Remote Code Execution Vulnerability

Vendor: D-Link

Product: Multiple Routers

Added: 2022-04-04

Due Date: 2022-04-25

Description:

A remote code execution vulnerability exists in all series H/W revisions routers via the DDNS function in ncc2 binary file.

Required Action:

The impacted product is end-of-life and should be disconnected if still in use.

CWEs:

CWE-78