Merge pull request #1431 from e-m-b-a/known_exploited_update
CISA known exploited database update
m-1-k-3 authored Jan 13, 2025
2 parents a16f723 + 8f870da commit ce623a0
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions config/known_exploited_vulnerabilities.csv
@@ -1,4 +1,8 @@
cveID,vendorProject,product,vulnerabilityName,dateAdded,shortDescription,requiredAction,dueDate,knownRansomwareCampaignUse,notes,cwes
CVE-2025-0282,Ivanti,"Connect Secure, Policy Secure, and ZTA Gateways","Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability",2025-01-08,"Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution.","Apply mitigations as set forth in the CISA instructions linked below to include conducting hunt activities, taking remediation actions if applicable, and applying updates prior to returning a device to service.",2025-01-15,Unknown,"CISA Mitigation Instructions: https://www.cisa.gov/cisa-mitigation-instructions-CVE-2025-0282 Additional References: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283 ; https://nvd.nist.gov/vuln/detail/CVE-2025-0282",CWE-121
CVE-2020-2883,Oracle,"WebLogic Server","Oracle WebLogic Server Unspecified Vulnerability",2025-01-07,"Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an unspecified vulnerability exploitable by an unauthenticated attacker with network access via IIOP or T3.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2025-01-28,Unknown,"https://www.oracle.com/security-alerts/cpuapr2020.html ; https://nvd.nist.gov/vuln/detail/CVE-2020-2883",
CVE-2024-55550,Mitel,MiCollab,"Mitel MiCollab Path Traversal Vulnerability",2025-01-07,"Mitel MiCollab contains a path traversal vulnerability that could allow an authenticated attacker with administrative privileges to read local files within the system due to insufficient input sanitization. This vulnerability can be chained with CVE-2024-41713, which allows an unauthenticated, remote attacker to read arbitrary files on the server.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2025-01-28,Unknown,"https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029 ; https://nvd.nist.gov/vuln/detail/CVE-2024-55550",CWE-22
CVE-2024-41713,Mitel,MiCollab,"Mitel MiCollab Path Traversal Vulnerability",2025-01-07,"Mitel MiCollab contains a path traversal vulnerability that could allow an attacker to gain unauthorized and unauthenticated access. This vulnerability can be chained with CVE-2024-55550, which allows an unauthenticated, remote attacker to read arbitrary files on the server.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2025-01-28,Unknown,"https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029 ; https://nvd.nist.gov/vuln/detail/CVE-2024-41713 ",CWE-22
CVE-2024-3393,"Palo Alto Networks",PAN-OS,"Palo Alto Networks PAN-OS Malicious DNS Packet Vulnerability",2024-12-30,"Palo Alto Networks PAN-OS contains a vulnerability in parsing and logging malicious DNS packets in the DNS Security feature that, when exploited, allows an unauthenticated attacker to remotely reboot the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2025-01-20,Unknown,"https://security.paloaltonetworks.com/CVE-2024-3393 ; https://nvd.nist.gov/vuln/detail/CVE-2024-3393",CWE-754
CVE-2021-44207,"Acclaim Systems",USAHERDS,"Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",2024-12-23,"Acclaim Systems USAHERDS contains a hard-coded credentials vulnerability that could allow an attacker to achieve remote code execution on the system that runs the application. The MachineKey must be obtained via a separate vulnerability or other channel.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Please contact the product developer for support and vulnerability mitigation.",2025-01-13,Unknown,"https://www.acclaimsystems.com/#contact ; https://www.tnatc.org/#contact ; https://nvd.nist.gov/vuln/detail/CVE-2021-44207",CWE-798
CVE-2024-12356,BeyondTrust,"Privileged Remote Access (PRA) and Remote Support (RS) ","BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability ",2024-12-19,"BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain a command injection vulnerability, which can allow an unauthenticated attacker to inject commands that are run as a site user. ","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-12-27,Unknown,"https://www.beyondtrust.com/trust-center/security-advisories/bt24-10 ; https://nvd.nist.gov/vuln/detail/CVE-2024-12356",CWE-77
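
Review bot: The CVE-2020-2883 row ends with an empty cwes field (the line closes on a bare comma) while every other row in this hunk carries a CWE id, so whatever reads config/known_exploited_vulnerabilities.csv must accept an empty last column rather than assume a CWE is always present. Several quoted fields also carry trailing whitespace (the notes field of CVE-2024-41713, the vulnerabilityName of CVE-2021-44207, and the product, vulnerabilityName and shortDescription of CVE-2024-12356), and fields such as "Connect Secure, Policy Secure, and ZTA Gateways" contain commas inside quotes, so the consumer should use a real CSV parser and trim values on read instead of splitting on commas or comparing strings exactly. Since the file mirrors upstream data, I would leave the rows as delivered and handle this in the reader. The commit message says only "CISA known exploited database update"; recording the catalog release date or version the snapshot was taken from would make later updates easier to audit.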