Skip to content

ACSC Publishes Routinely Exploited Vulnerability Advisory - 20241113001

Overview

The ACSC has published a joint advisory providing collected and compiled details by the authoring agencies on the CVEs routinely and frequently exploited by malicious cyber actors in 2023, and their associated CWEs.

What is vulnerable?

Vendor CVE
Apache CVE-2021-44228
Apple CVE-2023-41061
Apple CVE-2023-41064
Atlassian CVE-2021-26084
Atlassian CVE-2022-26134
Atlassian CVE-2023-22515
Atlassian CVE-2023-22518
Barracuda Networks CVE-2023-2868
Cisco CVE-2017-6742
Cisco CVE-2023-20198
Cisco CVE-2023-20273
Citrix CVE-2023-3519
Citrix CVE-2023-4966
Dahua CVE-2021-33044
Dahua CVE-2021-33045
F5 CVE-2021-22986
FatPipe CVE-2021-27860
Fortinet CVE-2018-13379
Fortinet CVE-2023-27997
Fortra CVE-2023-0669
GitLab CVE-2021-22205
Ivanti CVE-2019-11510
Ivanti CVE-2023-35078
Ivanti CVE-2023-35081
JetBrains CVE-2023-42793
Juniper CVE-2023-36844
Juniper CVE-2023-36845
Juniper CVE-2023-36846
Juniper CVE-2023-36847
Microsoft CVE-2019-0708
Microsoft CVE-2020-1472
Microsoft CVE-2021-34473
Microsoft CVE-2022-41040
Microsoft CVE-2023-23397
N/A CVE-2023-44487
Netwrix CVE-2022-31199
Novi CVE-2023-29492
ownCloud CVE-2023-49103
PaperCut CVE-2023-27350
Progress CVE-2023-34362
Progress Telerik CVE-2019-18935
RARLAB CVE-2023-38831
Red Hat CVE-2021-4034
Sophos CVE-2022-3236
Unitronics CVE-2023-6448
Zoho CVE-2021-40539
Zoho CVE-2022-47966

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of 48 Hours... (refer Patch Management):