Skip to content
Permalink
master
Switch branches/tags
Go to file
2 contributors

Users who have contributed to this file

@mikesiko @williballenthin
18 lines (17 sloc) 2.4 KB

Prioritized list of CVEs that should be addressed to limit the effectiveness of the Red Team tools. This is a recommended order and customers may make their own priorities based on their unique environments.

  1. CVE-2019-11510 – pre-auth arbitrary file reading from Pulse Secure SSL VPNs - CVSS 10.0
  2. CVE-2020-1472 – Microsoft Active Directory escalation of privileges - CVSS 10.0
  3. CVE-2018-13379 – pre-auth arbitrary file reading from Fortinet Fortigate SSL VPN - CVSS 9.8
  4. CVE-2018-15961 – RCE via Adobe ColdFusion (arbitrary file upload that can be used to upload a JSP web shell) - CVSS 9.8
  5. CVE-2019-0604 – RCE for Microsoft Sharepoint - CVSS 9.8
  6. CVE-2019-0708 – RCE of Windows Remote Desktop Services (RDS) - CVSS 9.8
  7. CVE-2019-11580 - Atlassian Crowd Remote Code Execution - CVSS 9.8
  8. CVE-2019-19781 – RCE of Citrix Application Delivery Controller and Citrix Gateway - CVSS 9.8
  9. CVE-2020-10189 – RCE for ZoHo ManageEngine Desktop Central - CVSS 9.8
  10. CVE-2014-1812 – Windows Local Privilege Escalation - CVSS 9.0
  11. CVE-2019-3398 – Confluence Authenticated Remote Code Execution - CVSS 8.8
  12. CVE-2020-0688 – Remote Command Execution in Microsoft Exchange - CVSS 8.8
  13. CVE-2016-0167 – local privilege escalation on older versions of Microsoft Windows - CVSS 7.8
  14. CVE-2017-11774 – RCE in Microsoft Outlook via crafted document execution (phishing) - CVSS 7.8
  15. CVE-2018-8581 - Microsoft Exchange Server escalation of privileges - CVSS 7.4
  16. CVE-2019-8394 – arbitrary pre-auth file upload to ZoHo ManageEngine ServiceDesk Plus - CVSS 6.5