2023 Top Routinely Exploited Vulnerabilities

CVE-2023-3519 Citrix

NetScaler ADC and NetScaler Gateway:

13.1 before 13.1-49.13 

13.0 before 13.0-91.13 

NetScaler ADC:

13.1-FIPS before 13.1-37.159

12.1-FIPS before 12.1-55.297

12.1-NDcPP before 12.1-55.297

Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467

Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells

Critical Security Update for NetScaler ADC and NetScaler Gateway

CVE-2023-4966 Citrix

NetScaler ADC and NetScaler Gateway:

14.1 before 14.1-8.50

13.1 before 13.1-49.15

13.0 before 13.0-92.19

NetScaler ADC:

13.1-FIPS before 13.1-37.164

12.1-FIPS before 12.1-55.300

12.1-NDcPP before 12.1-55.300

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-4966 and CVE-2023-4967

#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability

Critical Security Update for NetScaler ADC and NetScaler Gateway

CVE-2023-20198 Cisco Any Cisco IOS XE Software with web UI feature enabled Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities CVE-2023-27997 Fortinet

FortiOS-6K7K versions:

7.0.10, 7.0.5, 6.4.12

6.4.10, 6.4.8, 6.4.6, 6.4.2

6.2.9 through 6.2.13

6.2.6 through 6.2.7

6.2.4

6.0.12 through 6.0.16

6.0.10

Heap buffer overflow in sslvpn pre-authentication   CVE-2023-34362 Progress

MOVEit Transfer:

2023.0.0 (15.0)

2022.1.x (14.1)

2022.0.x (14.0)

2021.1.x (13.1)

2021.0.x (13.0)

2020.1.x (12.1)

2020.0.x (12.0) or older MOVEit Cloud

MOVEit Transfer Critical Vulnerability #StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability CVE-2023-22515 Atlassian

8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4

8.1.0, 8.1.1, 8.1.3, 8.1.4

8.2.0, 8.2.1, 8.2.2, 8.2.38.3.0, 8.3.1, 8.3.2

8.4.0, 8.4.1, 8.4.28.5.0, 8.5.1

Broken Access Control Vulnerability in Confluence Data Center and Server Threat Actors Exploit Atlassian Confluence CVE-2023-22515 for Initial Access to Networks

CVE-2021- 44228

(Log4Shell)

Apache

Log4j, all versions from 2.0-beta9 to 2.14.1

For other affected vendors and products, see CISA’s GitHub repository.

Apache Log4j Security Vulnerabilities

For additional information, see joint advisory: Mitigating Log4Shell and Other Log4j-Related Vulnerabilities

Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems CVE-2023-2868 Barracuda Networks 5.1.3.001 through 9.2.0.006 Barracuda Email Security Gateway Appliance (ESG) Vulnerability   CVE-2022-47966 Zoho Multiple products, multiple versions. (For more details, see Security advisory for remote code execution vulnerability in multiple ManageEngine products) Security advisory for remote code execution vulnerability in multiple ManageEngine products   CVE-2023-27350 PaperCut

PaperCut MF or NG version 8.0 or later (excluding patched versions) on all OS platforms. This includes:

version 8.0.0 to 19.2.7 (inclusive)

version 20.0.0 to 20.1.6 (inclusive)

version 21.0.0 to 21.2.10 (inclusive)

version 22.0.0 to 22.0.8 (inclusive)

URGENT MF/NG vulnerability bulletin (March 2023) Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG CVE-2020-1472 Microsoft Netlogon Netlogon Elevation of Privilege Vulnerability Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure CVE-2023-23397 Microsoft Outlook Microsoft Outlook Elevation of Privilege Vulnerability Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations CVE-2023-49103 ownCloud graphapi Disclosure of Sensitive Credentials and Configuration in Containerized Deployments   CVE-2023-20273 Cisco Cisco IOS XE Software with web UI feature enabled Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities CVE-2023-42793 JetBrains In JetBrains TeamCity before 2023.05.4 CVE-2023-42793 Vulnerability in TeamCity: Post-Mortem Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally CVE-2023-22518 Atlassian All versions of Confluence Data Cetner and Confluence Server Improper Authorization in Confluence Data Center and Server   CVE-2023-29492 — — —   CVE-2021-27860  FatPipe

WARP, MPVPN, IPVPN

10.1.2 and 10.2.2

FatPipe CVE List   CVE-2021-40539  Zoho ManageEngine ADSelfService Plus builds up to 6113 Security advisory – ADSelfService Plus authentication bypass vulnerability

ACSC Alert:

Critical vulnerability in ManageEngine ADSelfService Plus exploited by cyber actors

CVE-2023-0669 Fortra GoAnywhere versions 2.3 through 7.1.2 Fortra deserialization RCE #StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability CVE-2021-22986 F5

BIG-IP versions:

16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 and BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2

K03009991: iControl REST unauthenticated remote command execution vulnerability CVE-2021-22986   CVE-2019-0708 Microsoft Remote Desktop Services Remote Desktop Services Remote Code Execution Vulnerability   CVE-2018-13379 Fortinet FortiOS and FortiProxy 2.0.2, 2.0.1, 2.0.0, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.1, 1.2.0, 1.1.6 FortiProxy – system file leak through SSL VPN special crafted HTTP resource requests   CVE-2023-35078  Ivanti

All supported versions of Endpoint Manager Mobile (EPMM), including:

Version 11.4 releases 11.10, 11.9 and 11.8

CVE-2023-35078 – New Ivanti EPMM Vulnerability Threat Actors Exploiting Ivanti EPMM Vulnerabilities CVE-2023-35081  Ivanti All supported versions of Endpoint Manager Mobile (EPMM), including 11.10, 11.9 and 11.8 CVE-2023-35081 – Remote Arbitrary File Write Threat Actors Exploiting Ivanti EPMM Vulnerabilities CVE-2023-36844 Juniper

Juniper Networks Junos OS on SRX Series and EX Series:

All versions prior to 20.4R3-S9;

21.1 version 21.1R1 and later versions;

21.2 versions prior to 21.2R3-S7;

21.3 versions prior to 21.3R3-S5;

21.4 versions prior to 21.4R3-S5;

22.1 versions prior to 22.1R3-S4;

22.2 versions prior to 22.2R3-S2;

22.3 versions prior to 22.3R2-S2, 22.3R3-S1;

22.4 versions prior to 22.4R2-S1, 22.4R3;

23.2 versions prior to 23.2R1-S1, 23.2R2.

2023-08 Out-of-Cycle Security Bulletin: Junos OS: SRX Series and EX Series: Multiple vulnerabilities in J-Web can be combined to allow a preAuth Remote Code Execution   CVE-2023-36845 Juniper

Juniper Networks Junos OS on SRX Series and EX Series:

All versions prior to 20.4R3-S9;

21.1 version 21.1R1 and later versions;

21.2 versions prior to 21.2R3-S7;

21.3 versions prior to 21.3R3-S5;

21.4 versions prior to 21.4R3-S5;

22.1 versions prior to 22.1R3-S4;

22.2 versions prior to 22.2R3-S2;

22.3 versions prior to 22.3R2-S2, 22.3R3-S1;

22.4 versions prior to 22.4R2-S1, 22.4R3;

23.2 versions prior to 23.2R1-S1, 23.2R2.

2023-08 Out-of-Cycle Security Bulletin: Junos OS: SRX Series and EX Series: Multiple vulnerabilities in J-Web can be combined to allow a preAuth Remote Code Execution   CVE-2023-36846 Juniper

Juniper Networks Junos OS on SRX Series and EX Series:

All versions prior to 20.4R3-S9;

21.1 version 21.1R1 and later versions;

21.2 versions prior to 21.2R3-S7;

21.3 versions prior to 21.3R3-S5;

21.4 versions prior to 21.4R3-S5;

22.1 versions prior to 22.1R3-S4;

22.2 versions prior to 22.2R3-S2;

22.3 versions prior to 22.3R2-S2, 22.3R3-S1;

22.4 versions prior to 22.4R2-S1, 22.4R3;

23.2 versions prior to 23.2R1-S1, 23.2R2.

2023-08 Out-of-Cycle Security Bulletin: Junos OS: SRX Series and EX Series: Multiple vulnerabilities in J-Web can be combined to allow a preAuth Remote Code Execution   CVE-2023-36847 Juniper

Juniper Networks Junos OS on SRX Series and EX Series:

All versions prior to 20.4R3-S9;

21.1 version 21.1R1 and later versions;

21.2 versions prior to 21.2R3-S7;

21.3 versions prior to 21.3R3-S5;

21.4 versions prior to 21.4R3-S5;

22.1 versions prior to 22.1R3-S4;

22.2 versions prior to 22.2R3-S2;

22.3 versions prior to 22.3R2-S2, 22.3R3-S1;

22.4 versions prior to 22.4R2-S1, 22.4R3;

23.2 versions prior to 23.2R1-S1, 23.2R2.

2023-08 Out-of-Cycle Security Bulletin: Junos OS: SRX Series and EX Series: Multiple vulnerabilities in J-Web can be combined to allow a preAuth Remote Code Execution   CVE-2023-41064  Apple

Versions prior to:

iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, macOS Big Sur 11.7.10

About the security content of iOS 16.6.1 and iPadOS 16.6.1

About the security content of macOS Ventura 13.5.2

About the security content of iOS 15.7.9 and iPadOS 15.7.9

About the security content of macOS Monterey 12.6.9

About the security content of macOS Big Sur 11.7.10

  CVE-2023-41061 Apple Versions prior to:
watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1

About the security content of watchOS 9.6.2

About the security content of iOS 16.6.1 and iPadOS 16.6.1

  CVE-2021-22205 GitLab All versions starting from 11.9 RCE when removing metadata with ExifTool   CVE-2019-11510 Ivanti Pulse Secure Pulse Connect Secure versions, 9.0R1 to 9.0R3.3, 8.3R1 to 8.3R7, and 8.2R1 to 8.2R12 SA44101 – 2019-04: Out-of-Cycle Advisory: Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure 9.0RX   CVE-2023-6448  Unitronics

VisiLogic versions before

9.9.00

Unitronics Cybersecurity Advisory 2023-001: Default administrative password   CVE-2017-6742 Cisco Simple Network Management Protocol subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 SNMP Remote Code Execution Vulnerabilities in Cisco IOS and IOS XE Software   CVE-2021-4034 Red Hat

Red Hat Enterprise Linux 6

Red Hat Enterprise Linux 7

Red Hat Enterprise Linux 8

Red Hat Virtualization 4

Any Red Hat product supported on Red Hat Enterprise Linux (including RHEL CoreOS) is also potentially impacted.

RHSB-2022-001 Polkit Privilege Escalation – (CVE-2021-4034) Joint CSA: Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure CVE-2021-26084 Atlassian Confluence Server and Data Center, versions 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5. Jira Atlassian: Confluence Server Webwork OGNL injection – CVE-2021-26084 Joint CSA: Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure CVE-2021-33044 Dahua Various products — Joint CSA: Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure CVE-2021-33045 Dahua Various products — Joint CSA: Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure CVE-2022-3236 Sophos Sophos Firewall v19.0 MR1 (19.0.1) and older Resolved RCE in Sophos Firewall (CVE-2022-3236) Joint CSA: Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure CVE-2022-26134 Atlassian Confluence Server and Data Center, versions: 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4, 7.18.1 Confluence Security Advisory 2022-06-02 Joint CSA: Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure CVE-2022-41040 Microsoft Microsoft Exchange servers Microsoft Exchange Server Elevation of Privilege Vulnerability   CVE-2023-38831 RARLAB WinRAR Versions prior to 6.23 Beta 1 WinRAR 6.23 Beta 1 Released   CVE-2019-18935 Progress Telerik Telerik.Web.UI.dll versions:

 

Allows JavaScriptSerializer Deserialization Threat Actors Exploit Progress Telerik Vulnerabilities in Multiple U.S. Government IIS Servers CVE-2021-34473 Microsoft

Exchange Server, Multiple Versions:

Q1 2011 (2011.1.315) to R2 2017 SP1 (2017.2.621)

R2 2017 SP2 (2017.2.711) to R3 2019 (2019.3.917)

R3 2019 SP1 (2019.3.1023)

R1 2020 (2020.1.114) and later

Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-34473 Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities