Update KEV: Wed Feb 19 00:11:26 UTC 2025

Signed-off-by: AboutCode Automation <[email protected]>
aboutcode-org · Feb 19, 2025 · 1881149 · 1881149
1 parent 24af9eb
commit 1881149
Showing 1 changed file with 34 additions and 4 deletions.
diff --git a/known_exploited_vulnerabilities.json b/known_exploited_vulnerabilities.json
@@ -1,9 +1,39 @@
 {
     "title": "CISA Catalog of Known Exploited Vulnerabilities",
-    "catalogVersion": "2025.02.15",
-    "dateReleased": "2025-02-15T19:28:17.8832Z",
-    "count": 1271,
+    "catalogVersion": "2025.02.18",
+    "dateReleased": "2025-02-18T20:08:26.6543Z",
+    "count": 1273,
     "vulnerabilities": [
+        {
+            "cveID": "CVE-2025-0108",
+            "vendorProject": "Palo Alto",
+            "product": "PAN-OS",
+            "vulnerabilityName": "Palo Alto PAN-OS Authentication Bypass Vulnerability",
+            "dateAdded": "2025-02-18",
+            "shortDescription": "Palo Alto PAN-OS contains an authentication bypass vulnerability in its management web interface. This vulnerability allows an unauthenticated attacker with network access to the management web interface to bypass the authentication normally required and invoke certain PHP scripts.",
+            "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-03-11",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/security.paloaltonetworks.com\/CVE-2025-0108 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-0108",
+            "cwes": [
+                "CWE-306"
+            ]
+        },
+        {
+            "cveID": "CVE-2024-53704",
+            "vendorProject": "SonicWall",
+            "product": "SonicOS",
+            "vulnerabilityName": "SonicWall SonicOS SSLVPN Improper Authentication Vulnerability",
+            "dateAdded": "2025-02-18",
+            "shortDescription": "SonicWall SonicOS contains an improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication.",
+            "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-03-11",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/psirt.global.sonicwall.com\/vuln-detail\/SNWLID-2025-0003 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-53704",
+            "cwes": [
+                "CWE-287"
+            ]
+        },
         {
             "cveID": "CVE-2024-57727",
             "vendorProject": "SimpleHelp ",
@@ -217,7 +247,7 @@
         {
             "cveID": "CVE-2018-19410",
             "vendorProject": "Paessler",
-            "product": "PTRG Network Monitor",
+            "product": "PRTG Network Monitor",
             "vulnerabilityName": "Paessler PRTG Network Monitor Local File Inclusion Vulnerability",
             "dateAdded": "2025-02-04",
             "shortDescription": "Paessler PRTG Network Monitor contains a local file inclusion vulnerability that allows a remote, unauthenticated attacker to create users with read-write privileges (including administrator).",