CISA Active Exploit List Updated November 1, 2022


by Artie Kaye

The US Cybersecurity and Infrastructure Security Agency (CISA) has added several items to its list of must-address exploits. Because attackers are actively using these in the wild, it is recommended to resolve the issues. Below are the companies, CVE numbers, and links to the solutions for said problems.

Apple
CVE-2022-32917
https://support.apple.com/en-us/HT213445
https://support.apple.com/en-us/HT213444

CVE-2022-42827
https://support.apple.com/en-us/HT213489

Microsoft
CVE-2022-37969
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37969

CVE-2010-2568
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046

CVE-2022-41040
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/

CVE-2022-41082
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/

CVE-2022-41033
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41033

Linux
CVE-2013-2094
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8176cced706b5e5d15887584150764894e94e02f

CVE-2013-2596
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fc9bbca8f650e5f738af8806317c0a041a48ae4a

CVE-2013-6282
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8404663f81d212918ff85f493649a7991209fa04

CVE-2021-3493
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c03e2cda4a584cadc398e8f6641ca9988a39d52

Code Aurora
CVE-2013-2597
https://web.archive.org/web/20161226013354/https:/www.codeaurora.org/news/security-advisories/stack-based-buffer-overflow-acdb-audio-driver-cve-2013-2597

Trend Micro
CVE-2022-40139
https://success.trendmicro.com/dcx/s/solution/000291528?language=en_US

Zoho
CVE-2022-35405
https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-35405.html

Sophos
CVE-2022-3236
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce

Atlassian
CVE-2022-36804
https://jira.atlassian.com/browse/BSERV-13438

Fortinet
CVE-2022-40684
https://www.fortiguard.com/psirt/FG-IR-22-377

Zimbra
CVE-2022-41352
https://wiki.zimbra.com/wiki/Security_Center

GIGABYTE
CVE-2018-19320
https://www.gigabyte.com/Support/Security/1801

CVE-2018-19321
https://www.gigabyte.com/Support/Security/1801

CVE-2018-19322
https://www.gigabyte.com/Support/Security/1801

CVE-2018-19323
https://www.gigabyte.com/Support/Security/1801

Cisco
CVE-2020-3153
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-win-path-traverse-qO4HWBsj

CVE-2020-3433
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-F26WwJW

Google
CVE-2022-3723
https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html

https://www.cisa.gov/known-exploited-vulnerabilities-catalog