[CISA-2023:0622] CISA Adds 6 Known Exploited Vulnerabilities to Catalog

Severity: Critical
CVEs: 6

CISA has added 6 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.

[CVE-2016-0165] Microsoft Win32k Privilege Escalation Vulnerability

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.


[CVE-2016-9079] Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability

Mozilla Firefox, Firefox ESR, and Thunderbird contain a use-after-free vulnerability in SVG Animation; exploitation has targeted Firefox and Tor Browser users on Windows.


[CVE-2020-12641] Roundcube Webmail Remote Code Execution Vulnerability

Roundcube Webmail contains a remote code execution vulnerability that allows attackers to execute code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.


[CVE-2020-35730] Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability

Roundcube Webmail contains a cross-site scripting (XSS) vulnerability that allows an attacker to send a plain text e-mail message with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php.


[CVE-2021-44026] Roundcube Webmail SQL Injection Vulnerability

Roundcube Webmail is vulnerable to SQL injection via search or search_params.


[CVE-2023-20887] VMware Aria Operations for Networks Command Injection Vulnerability

VMware Aria Operations for Networks (formerly vRealize Network Insight) contains a command injection vulnerability that allows a malicious actor with network access to perform an attack resulting in remote code execution.
