[CISA-2021:1210] CISA Adds 13 Known Exploited Vulnerabilities to Catalog

Severity Critical

CVEs 13

CISA has added 13 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

[CVE-2010-1871] Red Hat Linux JBoss Seam 2 Remote Code Execution Vulnerability

JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, allows attackers to perform remote code execution. This vulnerability can only be exploited when the Java Security Manager is not properly configured.

Action Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns?: Unknown
Vendor: Red Hat
Product: JBoss Seam 2
Due Date: Fri Jun 10 00:00:00 2022
Notes: https://nvd.nist.gov/vuln/detail/CVE-2010-1871

[CVE-2017-12149] Red Hat JBoss Application Server Remote Code Execution Vulnerability

The JBoss Application Server, shipped with Red Hat Enterprise Application Platform 5.2, allows an attacker to execute arbitrary code via crafted serialized data.

Action Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns?: Known
Vendor: Red Hat
Product: JBoss Application Server
Due Date: Fri Jun 10 00:00:00 2022
Notes: https://nvd.nist.gov/vuln/detail/CVE-2017-12149

[CVE-2017-17562] Embedthis GoAhead Remote Code Execution Vulnerability

Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked.

Action Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns?: Unknown
Vendor: Embedthis
Product: GoAhead
Due Date: Fri Jun 10 00:00:00 2022
Notes: https://nvd.nist.gov/vuln/detail/CVE-2017-17562

[CVE-2019-0193] Apache Solr DataImportHandler Code Injection Vulnerability

The optional Apache Solr module DataImportHandler contains a code injection vulnerability.

Action Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns?: Unknown
Vendor: Apache
Product: Solr
Due Date: Fri Jun 10 00:00:00 2022
Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-0193

[CVE-2019-10758] MongoDB mongo-express Remote Code Execution Vulnerability

mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the toBSON method.

Action Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns?: Unknown
Vendor: MongoDB
Product: mongo-express
Due Date: Fri Jun 10 00:00:00 2022
Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-10758

[CVE-2019-13272] Linux Kernel Improper Privilege Management Vulnerability

Kernel/ptrace.c in Linux kernel mishandles contains an improper privilege management vulnerability that allows local users to obtain root access.

Action Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns?: Unknown
Vendor: Linux
Product: Kernel
Due Date: Fri Jun 10 00:00:00 2022
Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-13272

[CVE-2019-7238] Sonatype Nexus Repository Manager Incorrect Access Control Vulnerability

Sonatype Nexus Repository Manager before 3.15.0 has an incorrect access control vulnerability. Exploitation allows for remote code execution.

Action Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns?: Unknown
Vendor: Sonatype
Product: Nexus Repository Manager
Due Date: Fri Jun 10 00:00:00 2022
Notes: https://nvd.nist.gov/vuln/detail/CVE-2019-7238

[CVE-2020-17463] Fuel CMS SQL Injection Vulnerability

FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.

Action Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns?: Unknown
Vendor: Fuel CMS
Product: Fuel CMS
Due Date: Fri Jun 10 00:00:00 2022
Notes: https://nvd.nist.gov/vuln/detail/CVE-2020-17463

[CVE-2020-8816] Pi-Hole AdminLTE Remote Code Execution Vulnerability

Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.

Action Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns?: Unknown
Vendor: Pi-hole
Product: AdminLTE
Due Date: Fri Jun 10 00:00:00 2022
Notes: https://nvd.nist.gov/vuln/detail/CVE-2020-8816

[CVE-2021-35394] Realtek Jungle SDK Remote Code Execution Vulnerability

RealTek Jungle SDK contains multiple memory corruption vulnerabilities which can allow an attacker to perform remote code execution.

Action Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns?: Unknown
Vendor: Realtek
Product: Jungle Software Development Kit (SDK)
Due Date: Fri Dec 24 00:00:00 2021
Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-35394

[CVE-2021-44168] Fortinet FortiOS Arbitrary File Download

Fortinet FortiOS "execute restore src-vis" downloads code without integrity checking, allowing an attacker to arbitrarily download files.

Action Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns?: Unknown
Vendor: Fortinet
Product: FortiOS
Due Date: Fri Dec 24 00:00:00 2021
Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-44168

[CVE-2021-44228] Apache Log4j2 Remote Code Execution Vulnerability

Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.

Action For all affected software assets for which updates exist, the only acceptable remediation actions are: 1) Apply updates; OR 2) remove affected assets from agency networks. Temporary mitigations using one of the measures provided at https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures are only acceptable until updates are available.
Known To Be Used in Ransomware Campaigns?: Known
Vendor: Apache
Product: Log4j2
Due Date: Fri Dec 24 00:00:00 2021
Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-44228

[CVE-2021-44515] Zoho Desktop Central Authentication Bypass Vulnerability

Zoho Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server.