Commit

CISA KEV Updates
rxerium committed Dec 24, 2024
1 parent a49b4a0 commit 9747e14
Showing 2 changed files with 2 additions and 1 deletion.
1 change: 1 addition & 0 deletions cisa-kev.csv
@@ -1,4 +1,5 @@
cveID,vendorProject,product,vulnerabilityName,dateAdded,shortDescription,requiredAction,dueDate,knownRansomwareCampaignUse,notes,cwes
CVE-2021-44207,"Acclaim Systems",USAHERDS,"Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ",2024-12-23,"Acclaim Systems USAHERDS contains a hard-coded credentials vulnerability that could allow an attacker to achieve remote code execution on the system that runs the application. The MachineKey must be obtained via a separate vulnerability or other channel.","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Please contact the product developer for support and vulnerability mitigation.",2025-01-13,Unknown,"https://www.acclaimsystems.com/#contact ; https://www.tnatc.org/#contact ; https://nvd.nist.gov/vuln/detail/CVE-2021-44207",CWE-798
CVE-2024-12356,BeyondTrust,"Privileged Remote Access (PRA) and Remote Support (RS) ","BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability ",2024-12-19,"BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain a command injection vulnerability, which can allow an unauthenticated attacker to inject commands that are run as a site user. ","Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",2024-12-27,Unknown,"https://www.beyondtrust.com/trust-center/security-advisories/bt24-10 ; https://nvd.nist.gov/vuln/detail/CVE-2024-12356",CWE-77
CVE-2021-40407,Reolink,"RLC-410W IP Camera","Reolink RLC-410W IP Camera OS Command Injection Vulnerability ",2024-12-18,"Reolink RLC-410W IP cameras contain an authenticated OS command injection vulnerability in the device network settings functionality.","The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization if a current mitigation is unavailable.",2025-01-08,Unknown,"https://reolink.com/product-eol/ ; https://reolink.com/download-center/ ; https://nvd.nist.gov/vuln/detail/CVE-2021-40407",CWE-78
CVE-2019-11001,Reolink,"Multiple IP Cameras","Reolink Multiple IP Cameras OS Command Injection Vulnerability",2024-12-18,"Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W IP cameras contain an authenticated OS command injection vulnerability. This vulnerability allows an authenticated admin to use the ""TestEmail"" functionality to inject and run OS commands as root.","The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization if a current mitigation is unavailable.",2025-01-08,Unknown,"https://reolink.com/product-eol/ ; https://reolink.com/download-center/ ; https://nvd.nist.gov/vuln/detail/CVE-2019-11001",CWE-78
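Review bot: Several quoted fields in these rows end with a trailing space inside the quotes: the vulnerabilityName values for CVE-2021-44207, CVE-2024-12356 and CVE-2021-40407, plus the BeyondTrust product and shortDescription fields. Anything that joins or filters on an exact product or name string will miss those rows, so I would trim field whitespace in the step that writes cisa-kev.csv, or document that consumers must strip it. The CVE-2019-11001 row also relies on doubled quotes (`""TestEmail""`) and embedded commas, so it is worth stating in the repository that the file needs a real CSV parser rather than a split on commas. The rendered view carries no +/- markers, so which of the four rows is the single addition can only be inferred from the dateAdded of 2024-12-23 on the CVE-2021-44207 row.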
2 changes: 1 addition & 1 deletion nuclei-templates
Submodule nuclei-templates updated from 272656 to 3c7dbf
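Review bot: The nuclei-templates submodule pointer moves from 272656 to 3c7dbf in a commit whose message mentions only the CISA KEV data, so the template bump is undocumented. I would either put the submodule update in its own commit or name it in the message, so that a later change in template coverage can be traced to the commit that pulled it in. The pointer is shown only as a six-character abbreviation here, so the full target hash should be checked against the upstream nuclei-templates history when reviewing.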

0 comments on commit 9747e14