Sunday, November 24, 2024
CISA Exploit List

CISA Active Exploit List Updated September 8, 2022

by Artie Kaye

The US Cybersecurity and Infrastructure Security Agency has added 12 items to its list of must-address exploits. The date to fix by is September 29, 2022. Because these are actively being used by attackers in the wild, it is recommended to resolve the issues. Below are the CVE numbers, the companies, and the links to the solutions for these problems.

| Company | CVE | Platform | Details |
| --- | --- | --- | --- |
| Apple | CVE-2020-9934 | iOS, macOS, iPadOS | https://support.apple.com/en-us/HT211288, https://support.apple.com/en-us/HT211289 |
| D-Link | CVE-2022-28958 | DIR-816L | https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10300 |
| D-Link | CVE-2022-26258 | DIR-820L | https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10295 |
| D-Link | CVE-2018-6530 | DIR-818LW, DIR-860L | https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10105 |
| D-Link | CVE-2011-4723 | DIR-300 | https://www.dlink.ru/mn/products/2/728.html |
| FortiGuard Labs | CVE-2018-13374 | Fortinet | https://www.fortiguard.com/psirt/FG-IR-18-157 |
| Google | CVE-2011-1823 | Android | https://android.googlesource.com/platform/system/vold/+/c51920c82463b240e2be0430849837d6fdc5352e |
| Google | CVE-2022-3075 | Chrome | https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html, https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3075 |
| Mikrotik | CVE-2018-7445 | RouterOS SMB | https://www.coresecurity.com/core-labs/advisories/mikrotik-routeros-smb-buffer-overflow#vendor_update, https://mikrotik.com/download |
| NETGEAR | CVE-2017-5521 | *Multiple Products* | https://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability |
| Oracle | CVE-2018-2628 | Oracle | https://www.oracle.com/security-alerts/cpuapr2018.html |
| QNAP | CVE-2022-27593 | Photo Station | https://www.qnap.com/en/security-advisory/qsa-22-24 |

For a more comprehensive list of all vulnerabilities, visit cisa.gov.