Merge pull request #1402 from e-m-b-a/known_exploited_update

CISA known exploited database update

config/known_exploited_vulnerabilities.csv

@@ -1,5 +1,9 @@
 cveID,vendorProject,product,vulnerabilityName,dateAdded,shortDescription,requiredAction,dueDate,knownRansomwareCampaignUse,notes,cwes
-CVE-2023-28461,"Array Networks ","AG/vxAG ArrayOS","Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function Vulnerability",2024-11-25,"Array Networks AG and vxAG ArrayOS contain a missing authentication for critical function vulnerability that allows an attacker to read local files and execute code on the SSL VPN gateway.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-12-16,Unknown,"https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_Remote_Code_Execution_Vulnerability_AG.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2023-28461",CWE-306
+CVE-2024-51378,CyberPersons,CyberPanel,"CyberPanel Incorrect Default Permissions Vulnerability",2024-12-04,"CyberPanel contains an incorrect default permissions vulnerability that allows for authentication bypass and the execution of arbitrary commands using shell metacharacters in the statusfile property.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-12-25,Known,"https://cyberpanel.net/KnowledgeBase/home/change-logs/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-51378",CWE-276
+CVE-2024-11667,Zyxel,"Multiple Firewalls","Zyxel Multiple Firewalls Path Traversal Vulnerability",2024-12-03,"Multiple Zyxel firewalls contain a path traversal vulnerability in the web management interface that could allow an attacker to download or upload files via a crafted URL.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-12-24,Known,"https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-protecting-against-recent-firewall-threats-11-21-2024 ; https://nvd.nist.gov/vuln/detail/CVE-2024-11667",CWE-22
+CVE-2024-11680,ProjectSend,ProjectSend,"ProjectSend Improper Authentication Vulnerability",2024-12-03,"ProjectSend contains an improper authentication vulnerability that allows a remote, unauthenticated attacker to enable unauthorized modification of the application's configuration via crafted HTTP requests to options.php. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-12-24,Unknown,"https://github.com/projectsend/projectsend/commit/193367d937b1a59ed5b68dd4e60bd53317473744 ; https://nvd.nist.gov/vuln/detail/CVE-2024-11680",CWE-287
+CVE-2023-45727,"North Grid",Proself,"North Grid Proself Improper Restriction of XML External Entity (XXE) Reference Vulnerability",2024-12-03,"North Grid Proself Enterprise/Standard, Gateway, and Mail Sanitize contain an improper restriction of XML External Entity (XXE) reference vulnerability, which could allow a remote, unauthenticated attacker to conduct an XXE attack.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-12-24,Unknown,"https://www.proself.jp/information/153/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-45727",CWE-611
+CVE-2023-28461,"Array Networks ","AG/vxAG ArrayOS","Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function Vulnerability",2024-11-25,"Array Networks AG and vxAG ArrayOS contain a missing authentication for critical function vulnerability that allows an attacker to read local files and execute code on the SSL VPN gateway.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-12-16,Known,"https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_Remote_Code_Execution_Vulnerability_AG.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2023-28461",CWE-306
 CVE-2024-21287,Oracle,"Agile Product Lifecycle Management (PLM)","Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability",2024-11-21,"Oracle Agile Product Lifecycle Management (PLM) contains an incorrect authorization vulnerability in the Process Extension component of the Software Development Kit. Successful exploitation of this vulnerability may result in unauthenticated file disclosure.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-12-12,Unknown,"https://www.oracle.com/security-alerts/alert-cve-2024-21287.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-21287",CWE-863
 CVE-2024-44309,Apple,"Multiple Products","Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability",2024-11-21,"Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to a cross-site scripting (XSS) attack.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-12-12,Unknown,"https://support.apple.com/en-us/121752, https://support.apple.com/en-us/121753, https://support.apple.com/en-us/121754, https://support.apple.com/en-us/121755, https://support.apple.com/en-us/121756 ; https://nvd.nist.gov/vuln/detail/CVE-2024-44309",
 CVE-2024-44308,Apple,"Multiple Products","Apple Multiple Products Code Execution Vulnerability",2024-11-21,"Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to arbitrary code execution.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-12-12,Unknown,"https://support.apple.com/en-us/121752, https://support.apple.com/en-us/121753, https://support.apple.com/en-us/121754, https://support.apple.com/en-us/121755, https://support.apple.com/en-us/121756 ; https://nvd.nist.gov/vuln/detail/CVE-2024-44308",
@@ -11,7 +15,7 @@ CVE-2024-1212,Progress,"Kemp LoadMaster","Progress Kemp LoadMaster OS Command In
 CVE-2024-9465,"Palo Alto Networks",Expedition,"Palo Alto Networks Expedition SQL Injection Vulnerability",2024-11-14,"Palo Alto Networks Expedition contains a SQL injection vulnerability that allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-12-05,Unknown,"https://security.paloaltonetworks.com/PAN-SA-2024-0010 ; https://nvd.nist.gov/vuln/detail/CVE-2024-9465",CWE-89
 CVE-2024-9463,"Palo Alto Networks",Expedition,"Palo Alto Networks Expedition OS Command Injection Vulnerability",2024-11-14,"Palo Alto Networks Expedition contains an OS command injection vulnerability that allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-12-05,Unknown,"https://security.paloaltonetworks.com/PAN-SA-2024-0010 ; https://nvd.nist.gov/vuln/detail/CVE-2024-9463",CWE-78
 CVE-2021-26086,Atlassian,"Jira Server and Data Center","Atlassian Jira Server and Data Center Path Traversal Vulnerability",2024-11-12,"Atlassian Jira Server and Data Center contain a path traversal vulnerability that allows a remote attacker to read particular files in the /WEB-INF/web.xml endpoint.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-12-03,Unknown,"https://jira.atlassian.com/browse/JRASERVER-72695 ; https://nvd.nist.gov/vuln/detail/CVE-2021-26086",CWE-22
-CVE-2014-2120,Cisco,"Adaptive Security Appliance (ASA)","Cisco Adaptive Security Appliance (ASA) Cross-Site Scripting (XSS) Vulnerability",2024-11-12,"Cisco Adaptive Security Appliance (ASA) contains a cross-site scripting (XSS) vulnerability in the WebVPN login page. This vulnerability allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-12-03,Unknown,"https://web.archive.org/web/20140403043510/http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2120 ; https://nvd.nist.gov/vuln/detail/CVE-2014-2120",CWE-79
+CVE-2014-2120,Cisco,"Adaptive Security Appliance (ASA)","Cisco Adaptive Security Appliance (ASA) Cross-Site Scripting (XSS) Vulnerability",2024-11-12,"Cisco Adaptive Security Appliance (ASA) contains a cross-site scripting (XSS) vulnerability in the WebVPN login page. This vulnerability allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-12-03,Unknown,"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CVE-2014-2120 ; https://nvd.nist.gov/vuln/detail/CVE-2014-2120",CWE-79
 CVE-2021-41277,Metabase,Metabase,"Metabase GeoJSON API Local File Inclusion Vulnerability",2024-11-12,"Metabase contains a local file inclusion vulnerability in the custom map support in the API to read GeoJSON formatted data.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-12-03,Unknown,"https://github.com/metabase/metabase/security/advisories/GHSA-w73v-6p7p-fpfr ; https://nvd.nist.gov/vuln/detail/CVE-2021-41277",CWE-200
 CVE-2024-43451,Microsoft,Windows,"Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability",2024-11-12,"Microsoft Windows contains an NTLMv2 hash spoofing vulnerability that could result in disclosing a user's NTLMv2 hash to an attacker via a file open operation. The attacker could then leverage this hash to impersonate that user.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-12-03,Unknown,"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43451 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43451",CWE-73
 CVE-2024-49039,Microsoft,Windows,"Microsoft Windows Task Scheduler Privilege Escalation Vulnerability",2024-11-12,"Microsoft Windows Task Scheduler contains a privilege escalation vulnerability that can allow an attacker-provided, local application to escalate privileges outside of its AppContainer, and access privileged RPC functions.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-12-03,Unknown,"https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49039 ; https://nvd.nist.gov/vuln/detail/CVE-2024-49039",CWE-287
@@ -57,7 +61,7 @@ CVE-2024-8190,Ivanti,"Cloud Services Appliance","Ivanti Cloud Services Appliance
 CVE-2024-38217,Microsoft,Windows,"Microsoft Windows Mark of the Web (MOTW) Protection Mechanism Failure Vulnerability",2024-09-10,"Microsoft Windows Mark of the Web (MOTW) contains a protection mechanism failure vulnerability that allows an attacker to bypass MOTW-based defenses. This can result in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-10-01,Unknown,"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38217; https://nvd.nist.gov/vuln/detail/CVE-2024-38217",CWE-693
 CVE-2024-38014,Microsoft,Windows,"Microsoft Windows Installer Improper Privilege Management Vulnerability",2024-09-10,"Microsoft Windows Installer contains an improper privilege management vulnerability that could allow an attacker to gain SYSTEM privileges.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-10-01,Unknown,"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38014; https://nvd.nist.gov/vuln/detail/CVE-2024-38014",CWE-269
 CVE-2024-38226,Microsoft,Publisher,"Microsoft Publisher Protection Mechanism Failure Vulnerability",2024-09-10,"Microsoft Publisher contains a protection mechanism failure vulnerability that allows attacker to bypass Office macro policies used to block untrusted or malicious files.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-10-01,Unknown,"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38226; https://nvd.nist.gov/vuln/detail/CVE-2024-38226",CWE-693
-CVE-2024-40766,SonicWall,SonicOS,"SonicWall SonicOS Improper Access Control Vulnerability",2024-09-09,"SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-09-30,Unknown,"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015; https://nvd.nist.gov/vuln/detail/CVE-2024-40766",CWE-284
+CVE-2024-40766,SonicWall,SonicOS,"SonicWall SonicOS Improper Access Control Vulnerability",2024-09-09,"SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-09-30,Known,"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015; https://nvd.nist.gov/vuln/detail/CVE-2024-40766",CWE-284
 CVE-2017-1000253,Linux,Kernel,"Linux Kernel PIE Stack Buffer Corruption Vulnerability ",2024-09-09,"Linux kernel contains a position-independent executable (PIE) stack buffer corruption vulnerability in load_elf_ binary() that allows a local attacker to escalate privileges. ","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-09-30,Known,"This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a87938b2e246b81b4fb713edb371a9fa3c5c3c86; https://nvd.nist.gov/vuln/detail/CVE-2017-1000253",CWE-119
 CVE-2016-3714,ImageMagick,ImageMagick,"ImageMagick Improper Input Validation Vulnerability",2024-09-09,"ImageMagick contains an improper input validation vulnerability that affects the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders. This allows a remote attacker to execute arbitrary code via shell metacharacters in a crafted image.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-09-30,Unknown,"This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588#p132726, https://imagemagick.org/archive/releases/; https://nvd.nist.gov/vuln/detail/CVE-2016-3714",CWE-20
 CVE-2024-7262,Kingsoft,"WPS Office","Kingsoft WPS Office Path Traversal Vulnerability",2024-09-03,"Kingsoft WPS Office contains a path traversal vulnerability in promecefpluginhost.exe on Windows that allows an attacker to load an arbitrary Windows library.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-09-24,Unknown,"While CISA cannot confirm the effectiveness of patches at this time, it is recommended that mitigations be applied per vendor instructions if available. If these instructions cannot be located or if mitigations are unavailable, discontinue the use of the product.;   https://nvd.nist.gov/vuln/detail/CVE-2024-7262",CWE-22