CISA Active Exploit List Updated September 8, 2022


by Artie Kaye

The US Cybersecurity and Infrastructure Security Agency (CISA) has added 12 items to its list of must-address exploits. The date to fix by is September 29, 2022. Because attackers are actively using these exploits in the wild, it is recommended to resolve the issues. Below are the CVE numbers, the companies, and links to the solutions for each problem.

Google 
CVE-2022-3075
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html, https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3075

D-Link 
CVE-2022-28958
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10300

CVE-2022-26258
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10295

CVE-2018-6530
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10105

CVE-2011-4723
https://www.dlink.ru/mn/products/2/728.html

QNAP 
CVE-2022-27593
https://www.qnap.com/en/security-advisory/qsa-22-24

Apple 
CVE-2020-9934
https://support.apple.com/en-us/HT211288, https://support.apple.com/en-us/HT211289

MikroTik
CVE-2018-7445
https://www.coresecurity.com/core-labs/advisories/mikrotik-routeros-smb-buffer-overflow#vendor_update, https://mikrotik.com/download

Oracle 
CVE-2018-2628
https://www.oracle.com/security-alerts/cpuapr2018.html

Fortinet 
CVE-2018-13374
https://www.fortiguard.com/psirt/FG-IR-18-157

NETGEAR 
CVE-2017-5521
https://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability

Android 
CVE-2011-1823
https://android.googlesource.com/platform/system/vold/+/c51920c82463b240e2be0430849837d6fdc5352e

https://www.cisa.gov/known-exploited-vulnerabilities-catalog