# RansomHub's Exploited Vulnerabilities
> [!NOTE]
> This is the list of vulnerabilities that have been observed during intrusions that lead to RansomHub ransomware deployment

### `Apache`
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| ActiveMQ | CVE-2023-46604 | RansomHub | [cisa.gov](https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-242a) |

### `Atlassian`
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| Confluence Data Center & Server | CVE-2023-22515 | RansomHub | [cisa.gov](https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-242a) |

### `Citrix`
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| NetScaler ADC & Gateway | CVE-2023-3519 | RansomHub | [cisa.gov](https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-242a) |

### `Fortinet`
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| FortiOS SSL-VPN & FortiProxy | CVE-2023-27997 | RansomHub | [cisa.gov](https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-242a) |
| FortiClientEMS | CVE-2023-48788 | RansomHub | [cisa.gov](https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-242a) |

### `F5`
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| BIG-IP | CVE-2023-46747 | RansomHub | [cisa.gov](https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-242a) |

### `Windows`
| Product | CVE(s) | Ransomware Group(s) | Source(s) |
|---|---|---|---|
| NetLogon | CVE-2020-1472 ("ZeroLogon") | RansomHub | [cisa.gov](https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-242a) |
| BITS | CVE-2020-0787 | RansomHub | [cisa.gov](https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-242a) |
| SMBv1 | CVE-2017-0144 ("EternalBlue") | RansomHub | [cisa.gov](https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-242a) |

---

#### Sources
| Date Published | Report |
|---|---|
| 29 August 2024 | https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-242a |