2023 Top Routinely Exploited Vulnerabilities | CISA
- by nlqip
NetScaler ADC and NetScaler Gateway:
13.1 before 13.1-49.13
13.0 before 13.0-91.13
NetScaler ADC:
13.1-FIPS before 13.1-37.159
12.1-FIPS before 12.1-55.297
12.1-NDcPP before 12.1-55.297
Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells
Critical Security Update for NetScaler ADC and NetScaler Gateway
NetScaler ADC and NetScaler Gateway:
14.1 before 14.1-8.50
13.1 before 13.1-49.15
13.0 before 13.0-92.19
NetScaler ADC:
13.1-FIPS before 13.1-37.164
12.1-FIPS before 12.1-55.300
12.1-NDcPP before 12.1-55.300
#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE-2023-4966 Citrix Bleed Vulnerability
Critical Security Update for NetScaler ADC and NetScaler Gateway
FortiOS-6K7K versions:
7.0.10, 7.0.5, 6.4.12
6.4.10, 6.4.8, 6.4.6, 6.4.2
6.2.9 through 6.2.13
6.2.6 through 6.2.7
6.2.4
6.0.12 through 6.0.16
6.0.10
MOVEit Transfer:
2023.0.0 (15.0)
2022.1.x (14.1)
2022.0.x (14.0)
2021.1.x (13.1)
2021.0.x (13.0)
2020.1.x (12.1)
2020.0.x (12.0) or older
MOVEit Cloud
8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4
8.1.0, 8.1.1, 8.1.3, 8.1.4
8.2.0, 8.2.1, 8.2.2, 8.2.3
8.3.0, 8.3.1, 8.3.2
8.4.0, 8.4.1, 8.4.2
8.5.0, 8.5.1
(Log4Shell)
Log4j, all versions from 2.0-beta9 to 2.14.1
For other affected vendors and products, see CISA’s GitHub repository.
Apache Log4j Security Vulnerabilities
For additional information, see joint advisory: Mitigating Log4Shell and Other Log4j-Related Vulnerabilities
PaperCut MF or NG version 8.0 or later (excluding patched versions) on all OS platforms. This includes:
version 8.0.0 to 19.2.7 (inclusive)
version 20.0.0 to 20.1.6 (inclusive)
version 21.0.0 to 21.2.10 (inclusive)
version 22.0.0 to 22.0.8 (inclusive)
WARP, MPVPN, IPVPN
10.1.2 and 10.2.2
ACSC Alert:
Critical vulnerability in ManageEngine ADSelfService Plus exploited by cyber actors
BIG-IP versions:
16.0.x before 16.0.1.1
15.1.x before 15.1.2.1
14.1.x before 14.1.4
13.1.x before 13.1.3.6
12.1.x before 12.1.5.3
BIG-IQ:
7.1.0.x before 7.1.0.3
7.0.0.x before 7.0.0.2
All supported versions of Endpoint Manager Mobile (EPMM), including:
Version 11.4 releases 11.10, 11.9 and 11.8
Juniper Networks Junos OS on SRX Series and EX Series:
All versions prior to 20.4R3-S9;
21.1 version 21.1R1 and later versions;
21.2 versions prior to 21.2R3-S7;
21.3 versions prior to 21.3R3-S5;
21.4 versions prior to 21.4R3-S5;
22.1 versions prior to 22.1R3-S4;
22.2 versions prior to 22.2R3-S2;
22.3 versions prior to 22.3R2-S2, 22.3R3-S1;
22.4 versions prior to 22.4R2-S1, 22.4R3;
23.2 versions prior to 23.2R1-S1, 23.2R2.
Versions prior to:
iOS 16.6.1 and iPadOS 16.6.1
macOS Monterey 12.6.9
macOS Ventura 13.5.2
iOS 15.7.9 and iPadOS 15.7.9
macOS Big Sur 11.7.10
About the security content of iOS 16.6.1 and iPadOS 16.6.1
About the security content of macOS Ventura 13.5.2
About the security content of iOS 15.7.9 and iPadOS 15.7.9
watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1
VisiLogic versions before 9.9.00
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Red Hat Virtualization 4
Any Red Hat product supported on Red Hat Enterprise Linux (including RHEL CoreOS) is also potentially impacted.
Exchange Server, Multiple Versions:
Q1 2011 (2011.1.315) to R2 2017 SP1 (2017.2.621)
R2 2017 SP2 (2017.2.711) to R3 2019 (2019.3.917)
R3 2019 SP1 (2019.3.1023)
R1 2020 (2020.1.114) and later
CVE-2023-3519 Citrix
NetScaler ADC and NetScaler Gateway:
13.1 before 13.1-49.13
13.0 before 13.0-91.13
NetScaler ADC:
13.1-FIPS before 13.1-37.159
12.1-FIPS before 12.1-55.297
12.1-NDcPP before 12.1-55.297
Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467
Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells
Critical Security Update for NetScaler ADC and NetScaler Gateway
CVE-2023-4966 Citrix NetScaler ADC and NetScaler…