# LockBit's Exploited Vulnerabilities
> [!NOTE]
> This is the list of vulnerabilities that have been observed during intrusions that lead to LockBit ransomware deployment or data exfiltration and leaks published to LockBit's Tor Site

### `Apache`
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| Log4j | CVE-2021-44228 ("Log4Shell") | LockBit | [cisa.gov](https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-165a) |

### `Citrix`
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| NetScaler ADC & Gateway | CVE-2023-4966 ("Citrixbleed") | LockBit | [doublepulsar.com](https://doublepulsar.com/lockbit-ransomware-group-assemble-strike-team-to-breach-banks-law-firms-and-governments-4220580bfcee) | 

### `Fortinet`
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| FortiOS | CVE-2018-13379 | LockBit | [cisa.gov](https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-165a) |

### `Fortra`
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| GoAnywhere Managed File Transfer | CVE-2023-0669 | LockBit | [cisa.gov](https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-165a) |

### `F5`
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| iControl REST | CVE-2021-22986 | LockBit | [cisa.gov](https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-165a) |

### `PaperCut`
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---| 
| PaperCut Application Server | CVE-2023–27350 & CVE-2023–27351 | LockBit | [twitter.com/MsftSecIntel](https://twitter.com/MsftSecIntel/status/1651346653901725696) |

### `Windows`
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| NetLogon | CVE-2020-1472 ("ZeroLogon") | LockBit | [cisa.gov](https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-165a) |
| Remote Desktop Services | CVE-2019-0708 ("BlueKeep") | LockBit | [cisa.gov](https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-165a) | 

---

#### Sources
| Date Published | Report |
|---|---|
| 13 Nov 2023 | https://doublepulsar.com/lockbit-ransomware-group-assemble-strike-team-to-breach-banks-law-firms-and-governments-4220580bfcee |
| 14 June 2023 | https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-165a |
| 26 April 2023 | https://twitter.com/MsftSecIntel/status/1651346653901725696 |