From 9028b5a762c00812c40e81de6d48ed9cf0357e65 Mon Sep 17 00:00:00 2001
From: m-1-k-3
Date: Sun, 16 Feb 2025 00:31:35 +0000
Subject: [PATCH] Update CISA known exploited vulnerability database

---
 config/known_exploited_vulnerabilities.csv | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/config/known_exploited_vulnerabilities.csv b/config/known_exploited_vulnerabilities.csv
index b8d84ed07..adf760703 100644
--- a/config/known_exploited_vulnerabilities.csv
+++ b/config/known_exploited_vulnerabilities.csv
@@ -1,4 +1,11 @@
 cveID,vendorProject,product,vulnerabilityName,dateAdded,shortDescription,requiredAction,dueDate,knownRansomwareCampaignUse,notes,cwes
+CVE-2024-57727,"SimpleHelp ",SimpleHelp,"SimpleHelp Path Traversal Vulnerability",2025-02-13,"SimpleHelp remote support software contains multiple path traversal vulnerabilities that allow unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files may include server configuration files and hashed user passwords.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2025-03-06,Unknown,"https://simple-help.com/kb---security-vulnerabilities-01-2025 ; https://nvd.nist.gov/vuln/detail/CVE-2024-57727",CWE-22
+CVE-2025-24200,Apple,"iOS and iPadOS","Apple iOS and iPadOS Incorrect Authorization Vulnerability",2025-02-12,"Apple iOS and iPadOS contains an incorrect authorization vulnerability that allows a physical attacker to disable USB Restricted Mode on a locked device.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2025-03-05,Unknown,"https://support.apple.com/en-us/122173 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24200",CWE-863
+CVE-2024-41710,Mitel,"SIP Phones","Mitel SIP Phones Argument Injection Vulnerability",2025-02-12,"Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, contain an argument injection vulnerability due to insufficient parameter sanitization during the boot process. 
Successful exploitation may allow an attacker to execute arbitrary commands within the context of the system.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2025-03-05,Unknown,"https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin_24-0019-001-v2.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2024-41710",CWE-88
+CVE-2024-40891,Zyxel,"DSL CPE Devices","Zyxel DSL CPE OS Command Injection Vulnerability",2025-02-11,"Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the management commands that could allow an authenticated attacker to execute OS commands via Telnet.","The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization if a current mitigation is unavailable.",2025-03-04,Unknown,"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025 ; https://www.zyxel.com/service-provider/global/en/security-advisories/zyxel-security-advisory-command-injection-insecure-in-certain-legacy-dsl-cpe-02-04-2025 ; https://nvd.nist.gov/vuln/detail/CVE-2024-40891",CWE-78
+CVE-2024-40890,Zyxel,"DSL CPE Devices","Zyxel DSL CPE OS Command Injection Vulnerability",2025-02-11,"Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the CGI program that could allow an authenticated attacker to execute OS commands via a crafted HTTP request.","The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). 
Users should discontinue product utilization if a current mitigation is unavailable.",2025-03-04,Unknown,"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025 ; https://www.zyxel.com/service-provider/global/en/security-advisories/zyxel-security-advisory-command-injection-insecure-in-certain-legacy-dsl-cpe-02-04-2025 ; https://nvd.nist.gov/vuln/detail/CVE-2024-40890",CWE-78
+CVE-2025-21418,Microsoft,Windows,"Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability",2025-02-11,"Microsoft Windows Ancillary Function Driver for WinSock contains a heap-based buffer overflow vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2025-03-04,Unknown,"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21418 ; https://nvd.nist.gov/vuln/detail/CVE-2025-21418",CWE-122
+CVE-2025-21391,Microsoft,Windows,"Microsoft Windows Storage Link Following Vulnerability",2025-02-11,"Microsoft Windows Storage contains a link following vulnerability that could allow for privilege escalation. This vulnerability could allow an attacker to delete data including data that results in the service being unavailable.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2025-03-04,Unknown,"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21391 ; https://nvd.nist.gov/vuln/detail/CVE-2025-21391",CWE-59
 CVE-2025-0994,Trimble,Cityworks,"Trimble Cityworks Deserialization Vulnerability",2025-02-07,"Trimble Cityworks contains a deserialization vulnerability. 
This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Internet Information Services (IIS) web server.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2025-02-28,Unknown,"https://learn.assetlifecycle.trimble.com/i/1532182-cityworks-customer-communication-2025-02-05-docx/0?; https://www.cisa.gov/news-events/ics-advisories/icsa-25-037-04 ; https://nvd.nist.gov/vuln/detail/CVE-2025-0994",CWE-502
 CVE-2020-15069,Sophos,"XG Firewall","Sophos XG Firewall Buffer Overflow Vulnerability",2025-02-06,"Sophos XG Firewall contains a buffer overflow vulnerability that allows for remote code execution via the ""HTTP/S bookmark"" feature.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2025-02-27,Unknown,"https://community.sophos.com/b/security-blog/posts/advisory-buffer-overflow-vulnerability-in-user-portal ; https://nvd.nist.gov/vuln/detail/CVE-2020-15069",CWE-120
 CVE-2020-29574,Sophos,CyberoamOS,"CyberoamOS (CROS) SQL Injection Vulnerability",2025-02-06,"CyberoamOS (CROS) contains a SQL injection vulnerability in the WebAdmin that allows an unauthenticated attacker to execute arbitrary SQL statements remotely.","The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.",2025-02-27,Unknown,"https://support.sophos.com/support/s/article/KBA-000007526 ; https://nvd.nist.gov/vuln/detail/CVE-2020-29574",CWE-89