regscale-cli 6.19.2.0__py3-none-any.whl → 6.20.0.0__py3-none-any.whl

regscale/integrations/public/fedramp/fedramp_five.py

@@ -11,7 +11,6 @@ from tempfile import gettempdir
 from typing import Any, Dict, List, Optional, Tuple, Union
 
 from dateutil.relativedelta import relativedelta
-from packaging.version import Version
 
 from regscale.core.app.api import Api
 from regscale.core.app.application import Application
@@ -28,7 +27,6 @@ from regscale.models import (
     ControlParameter,
     File,
     ImplementationObjective,
-    ImplementationObjectiveResponsibility,
     ImplementationOption,
     LeveragedAuthorization,
     Parameter,
@@ -40,6 +38,7 @@ from regscale.models import (
     StakeHolder,
     SystemRole,
     User,
+    ImplementationControlOrigin,
 )
 from regscale.utils.version import RegscaleVersion
 
@@ -1400,8 +1399,7 @@ def handle_parts(
             else control_objectives
         )
         logger.debug(f"Matching Objectives: {matching_objectives}")
-        regscale_version = RegscaleVersion.get_platform_version()
-        if len(regscale_version) >= 10 or Version(regscale_version) >= Version("6.13.0.0"):
+        if RegscaleVersion.meets_minimum_version("6.13.0.0"):
             status = status_map.get(status, status)
 
         # Status should never be None
@@ -1510,44 +1508,33 @@ def map_responsibility(responsibility: str) -> str:
     :return: The mapped responsibility.
     :rtype: str
     """
-    # This should be server code, sorry
+    if not responsibility:
+        return ""  # Return empty string instead of None
+
+    # Handle comma-separated values
+    if "," in responsibility:
+        responsibility_values = [r.strip() for r in responsibility.split(",")]
+        return ",".join([map_responsibility(r) for r in responsibility_values])
+
+    # This should be server code with proper enums, but this is the best we can do for now
     responsibility_map = {
-        "Provider": "Service Provider Corporate",
-        "Provider (System Specific)": "Service Provider System Specific",
-        "Customer": "Provided by Customer (Customer System Specific)",
-        "Hybrid": "Service Provider Hybrid (Corporate and System Specific)",
-        "Customer Configured": "Configured by Customer (Customer System Specific)",
-        "Shared": "Shared (Service Provider and Customer Responsibility)",
-        "Inherited": "Inherited from pre-existing FedRAMP Authorization",
+        "Service Provider Corporate": ImplementationControlOrigin.SERVICE_PROVIDER_CORPORATE.value,
+        "Service Provider System Specific": ImplementationControlOrigin.SERVICE_PROVIDER_SYSTEM.value,
+        "Service Provider Hybrid (Corporate and System Specific)": ImplementationControlOrigin.SERVICE_PROVIDER_HYBRID.value,  # Map to closest value
+        "Configured by Customer (Customer System Specific)": ImplementationControlOrigin.CONFIGURED_BY_CUSTOMER.value,
+        "Provided by Customer (Customer System Specific)": ImplementationControlOrigin.PROVIDED_BY_CUSTOMER.value,
+        "Shared (Service Provider and Customer Responsibility)": ImplementationControlOrigin.SHARED.value,
+        "Inherited from pre-existing FedRAMP Authorization": ImplementationControlOrigin.INHERITED_FROM_PRE_EXISTING_FEDRAMP_AUTHORIZATION.value,
     }
-    res = ""
-    if responsibility == "Service Provider System Specific":
-        res = ImplementationObjectiveResponsibility.PROVIDER_SYSTEM_SPECIFIC.value
-    if responsibility == SERVICE_PROVIDER_CORPORATE:
-        res = ImplementationObjectiveResponsibility.PROVIDER.value
-    if responsibility == "Provided by Customer (Customer System Specific)":
-        res = ImplementationObjectiveResponsibility.CUSTOMER.value
-    if responsibility == "Configured by Customer (Customer System Specific)":
-        res = ImplementationObjectiveResponsibility.CUSTOMER_CONFIGURED.value
-    if responsibility == "Service Provider Hybrid (Corporate and System Specific)":
-        res = ImplementationObjectiveResponsibility.HYBRID.value
-    if responsibility == "Inherited from pre-existing FedRAMP Authorization":
-        res = ImplementationObjectiveResponsibility.INHERITED.value
-    if responsibility == ImplementationObjectiveResponsibility.NOT_APPLICABLE.value:
-        res = ImplementationObjectiveResponsibility.NOT_APPLICABLE.value
-    if responsibility == "Shared (Service Provider and Customer Responsibility)":
-        res = ImplementationObjectiveResponsibility.SHARED.value
-    regscale_version = RegscaleVersion.get_platform_version()
-    if len(regscale_version) >= 10 or Version(regscale_version) >= Version("6.13.0.0"):
-        return responsibility_map.get(res, res)
-    return res
+
+    return responsibility_map.get(responsibility, responsibility or "")
 
 
 def handle_implementation_objectives(
     objective: ControlObjective,
     part_statement: str,
     status: Optional[str],
-    control_implementation: ControlImplementation,
+    control_implementation: Union[ControlImplementation, int, None],
     imp_objectives: List[ImplementationObjective],
     control: SecurityControl,
     duplicate: bool,
@@ -1555,26 +1542,30 @@ def handle_implementation_objectives(
 ):
     """
     Handle the implementation objectives for the given objective, option, and control implementation.
-    :param ControlObjective objective:
-    :param str part_statement:
-    :param Optional[str] status:
-    :param ControlImplementation control_implementation:
-    :param List[ImplementationObjective] imp_objectives:
-    :param SecurityControl control:
+    :param ControlObjective objective: The control objective.
+    :param str part_statement: The statement text for this part.
+    :param Optional[str] status: The implementation status.
+    :param Union[ControlImplementation, int, None] control_implementation: The control implementation object or ID.
+    :param List[ImplementationObjective] imp_objectives: List to collect implementation objectives.
+    :param SecurityControl control: The security control.
     :param bool duplicate: Whether the option is a duplicate will add note if True.
     :param Optional[str] origination: The origination of the implementation.
     """
     if isinstance(status, ControlImplementationStatus):
         status = status.value
+
+    # Ensure part_statement is valid
+    statement = part_statement if part_statement else ""
+
     imp_obj = ImplementationObjective(
         securityControlId=control.id,
-        implementationId=control_implementation.id,
+        implementationId=control_implementation.id if hasattr(control_implementation, "id") else control_implementation,
         objectiveId=objective.id,
         optionId=None,
         status=status,
-        statement=part_statement,
+        statement=statement,
         notes="#replicated-data-part" if duplicate else "",
-        responsibility=origination if origination else None,
+        responsibility=origination,
     )
     if imp_obj not in imp_objectives:
         imp_objectives.append(imp_obj)
@@ -2341,3 +2332,58 @@ def get_max_version(entries: List[Dict]) -> Optional[str]:
             max_version = max(max_version, version_str, key=parse_version)
     logger.debug(f"Version: {max_version}")
     return max_version
+
+
+def process_objective(
+    objective: ControlObjective,
+    processed_objective_ids: set,
+    existing_objectives_by_objective_id: Dict,
+    control: SecurityControl,
+    part_statement: Optional[str],
+    status: Optional[str],
+    origination: Optional[str] = None,
+    imp_objectives: List[ImplementationObjective] = None,
+):
+    """
+    Process a single control objective.
+
+    :param ControlObjective objective: The objective to process.
+    :param set processed_objective_ids: Set of already processed objective IDs.
+    :param Dict existing_objectives_by_objective_id: Dictionary of existing objectives by ID.
+    :param SecurityControl control: The security control.
+    :param Optional[str] part_statement: The statement for this part, may be None.
+    :param Optional[str] status: The implementation status for this objective.
+    :param Optional[str] origination: The implementation origination for this objective.
+    :param List[ImplementationObjective] imp_objectives: List to collect implementation objectives.
+    :return: None
+    """
+    logger.debug(f"Processing objective: {objective.id} - {objective.name}")
+
+    # Skip if already processed
+    if objective.id in processed_objective_ids:
+        logger.debug(f"Objective {objective.id} already processed")
+        return
+
+    processed_objective_ids.add(objective.id)
+    existing_objective = existing_objectives_by_objective_id.get(objective.id)
+
+    statement = part_statement if part_statement is not None else ""
+
+    # Update existing objective if found
+    if existing_objective is not None:
+        logger.debug(f"Updating existing objective: {existing_objective.id}")
+        existing_objective.status = status
+        existing_objective.statement = statement
+        if origination is not None:
+            existing_objective.responsibility = origination
+        existing_objective.save()
+    # Create new objective if implementation objectives list provided
+    elif imp_objectives is not None:
+        logger.debug(f"Creating new objective for {objective.id}")
+        imp_obj = ImplementationObjective(
+            objectiveId=objective.id,
+            status=status,
+            statement=statement,
+            responsibility=origination,
+        )
+        imp_objectives.append(imp_obj)

regscale/models/integration_models/cisa_kev_data.json

@@ -1,9 +1,159 @@
 {
     "title": "CISA Catalog of Known Exploited Vulnerabilities",
-    "catalogVersion": "2025.05.08",
-    "dateReleased": "2025-05-08T15:49:01.7238Z",
-    "count": 1335,
+    "catalogVersion": "2025.05.15",
+    "dateReleased": "2025-05-15T17:04:05.6633Z",
+    "count": 1345,
     "vulnerabilities": [
+        {
+            "cveID": "CVE-2025-42999",
+            "vendorProject": "SAP",
+            "product": "NetWeaver",
+            "vulnerabilityName": "SAP NetWeaver Deserialization Vulnerability",
+            "dateAdded": "2025-05-15",
+            "shortDescription": "SAP NetWeaver Visual Composer Metadata Uploader contains a deserialization vulnerability that allows a privileged attacker to compromise the confidentiality, integrity, and availability of the host system by deserializing untrusted or malicious content.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-06-05",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "SAP users must have an account to log in and access the patch: https:\/\/me.sap.com\/notes\/3604119 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-42999",
+            "cwes": [
+                "CWE-502"
+            ]
+        },
+        {
+            "cveID": "CVE-2024-12987",
+            "vendorProject": "DrayTek",
+            "product": "Vigor Routers",
+            "vulnerabilityName": "DrayTek Vigor Routers OS Command Injection Vulnerability",
+            "dateAdded": "2025-05-15",
+            "shortDescription": "DrayTek Vigor2960, Vigor300B, and Vigor3900 routers contain an OS command injection vulnerability due to an unknown function of the file \/cgi-bin\/mainfunction.cgi\/apmcfgupload of the component web management interface.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-06-05",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/fw.draytek.com.tw\/Vigor2960\/Firmware\/v1.5.1.5\/DrayTek_Vigor2960_V1.5.1.5_01release-note.pdf ; https:\/\/fw.draytek.com.tw\/Vigor300B\/Firmware\/v1.5.1.5\/DrayTek_Vigor300B_V1.5.1.5_01release-note.pdf ; https:\/\/fw.draytek.com.tw\/Vigor3900\/Firmware\/v1.5.1.5\/DrayTek_Vigor3900_V1.5.1.5_01release-note.pdf ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-12987",
+            "cwes": [
+                "CWE-78"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-4664",
+            "vendorProject": "Google",
+            "product": "Chromium",
+            "vulnerabilityName": "Google Chromium Loader Insufficient Policy Enforcement Vulnerability",
+            "dateAdded": "2025-05-15",
+            "shortDescription": "Google Chromium contains an insufficient policy enforcement vulnerability that allows a remote attacker to leak cross-origin data via a crafted HTML page.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-06-05",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/chromereleases.googleblog.com\/2025\/05\/stable-channel-update-for-desktop_14.html ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-4664",
+            "cwes": [
+                "CWE-346"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-32756",
+            "vendorProject": "Fortinet",
+            "product": "Multiple Products",
+            "vulnerabilityName": "Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability",
+            "dateAdded": "2025-05-14",
+            "shortDescription": "Fortinet FortiFone, FortiVoice, FortiNDR and FortiMail contain a stack-based overflow vulnerability that may allow a remote unauthenticated attacker to execute arbitrary code or commands via crafted HTTP requests.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-06-04",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/fortiguard.fortinet.com\/psirt\/FG-IR-25-254 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-32756",
+            "cwes": [
+                "CWE-124"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-32709",
+            "vendorProject": "Microsoft",
+            "product": "Windows",
+            "vulnerabilityName": "Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability",
+            "dateAdded": "2025-05-13",
+            "shortDescription": "Microsoft Windows Ancillary Function Driver for WinSock contains a use-after-free vulnerability that allows an authorized attacker to escalate privileges to administrator.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-06-03",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-32709 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-32709",
+            "cwes": [
+                "CWE-416"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-30397",
+            "vendorProject": "Microsoft",
+            "product": "Windows",
+            "vulnerabilityName": "Microsoft Windows Scripting Engine Type Confusion Vulnerability",
+            "dateAdded": "2025-05-13",
+            "shortDescription": "Microsoft Windows Scripting Engine contains a type confusion vulnerability that allows an unauthorized attacker to execute code over a network via a specially crafted URL.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-06-03",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-30397 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-30397",
+            "cwes": [
+                "CWE-843"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-32706",
+            "vendorProject": "Microsoft",
+            "product": "Windows",
+            "vulnerabilityName": "Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability",
+            "dateAdded": "2025-05-13",
+            "shortDescription": "Microsoft Windows Common Log File System (CLFS) Driver contains a heap-based buffer overflow vulnerability that allows an authorized attacker to elevate privileges locally.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-06-03",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-32706 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-32706",
+            "cwes": [
+                "CWE-122"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-32701",
+            "vendorProject": "Microsoft",
+            "product": "Windows",
+            "vulnerabilityName": "Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability",
+            "dateAdded": "2025-05-13",
+            "shortDescription": "Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-06-03",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-32701 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-32701",
+            "cwes": [
+                "CWE-416"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-30400",
+            "vendorProject": "Microsoft",
+            "product": "Windows",
+            "vulnerabilityName": "Microsoft Windows DWM Core Library Use-After-Free Vulnerability",
+            "dateAdded": "2025-05-13",
+            "shortDescription": "Microsoft Windows DWM Core Library contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-06-03",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2025-30400 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-30400",
+            "cwes": [
+                "CWE-416"
+            ]
+        },
+        {
+            "cveID": "CVE-2025-47729",
+            "vendorProject": "TeleMessage",
+            "product": "TM SGNL",
+            "vulnerabilityName": "TeleMessage TM SGNL Hidden Functionality Vulnerability",
+            "dateAdded": "2025-05-12",
+            "shortDescription": "TeleMessage TM SGNL contains a hidden functionality vulnerability in which the archiving backend holds cleartext copies of messages from TM SGNL application users.",
+            "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
+            "dueDate": "2025-06-02",
+            "knownRansomwareCampaignUse": "Unknown",
+            "notes": "Apply mitigations per vendor instructions. Absent mitigating instructions from the vendor, discontinue use of the product. ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-47729",
+            "cwes": [
+                "CWE-912"
+            ]
+        },
         {
             "cveID": "CVE-2024-11120",
             "vendorProject": "GeoVision",
@@ -133,7 +283,7 @@
             "shortDescription": "SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially malicious executable binaries.",
             "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2025-05-20",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/me.sap.com\/notes\/3594142 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-31324",
             "cwes": [
                 "CWE-434"
@@ -322,7 +472,7 @@
             "shortDescription": "Ivanti Connect Secure, Policy Secure, and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution. ",
             "requiredAction": "Apply mitigations as set forth in the CISA instructions linked below.",
             "dueDate": "2025-04-11",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "CISA Mitigation Instructions: https:\/\/www.cisa.gov\/cisa-mitigation-instructions-cve-2025-22457 ; Additional References: https:\/\/forums.ivanti.com\/s\/article\/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-22457",
             "cwes": [
                 "CWE-121"
@@ -1250,7 +1400,7 @@
             "shortDescription": "SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) contain a deserialization of untrusted data vulnerability, which can enable a remote, unauthenticated attacker to execute arbitrary OS commands.",
             "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2025-02-14",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/psirt.global.sonicwall.com\/vuln-detail\/SNWLID-2025-0002 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-23006",
             "cwes": [
                 "CWE-502"
@@ -1385,7 +1535,7 @@
             "shortDescription": "Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution.",
             "requiredAction": "Apply mitigations as set forth in the CISA instructions linked below to include conducting hunt activities, taking remediation actions if applicable, and applying updates prior to returning a device to service.",
             "dueDate": "2025-01-15",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "CISA Mitigation Instructions: https:\/\/www.cisa.gov\/cisa-mitigation-instructions-CVE-2025-0282 Additional References: https:\/\/forums.ivanti.com\/s\/article\/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-0282",
             "cwes": [
                 "CWE-121"
@@ -1413,7 +1563,7 @@
             "shortDescription": "Mitel MiCollab contains a path traversal vulnerability that could allow an authenticated attacker with administrative privileges to read local files within the system due to insufficient input sanitization. This vulnerability can be chained with CVE-2024-41713, which allows an unauthenticated, remote attacker to read arbitrary files on the server.",
             "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2025-01-28",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/www.mitel.com\/support\/security-advisories\/mitel-product-security-advisory-misa-2024-0029 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-55550",
             "cwes": [
                 "CWE-22"
@@ -1428,7 +1578,7 @@
             "shortDescription": "Mitel MiCollab contains a path traversal vulnerability that could allow an attacker to gain unauthorized and unauthenticated access. This vulnerability can be chained with CVE-2024-55550, which allows an unauthenticated, remote attacker to read arbitrary files on the server.",
             "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2025-01-28",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/www.mitel.com\/support\/security-advisories\/mitel-product-security-advisory-misa-2024-0029 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-41713 ",
             "cwes": [
                 "CWE-22"
@@ -1787,7 +1937,7 @@
             "shortDescription": "Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in the web-based management interface for several PAN-OS products, including firewalls and VPN concentrators.",
             "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, management interface for affected devices should not be exposed to untrusted networks, including the internet.",
             "dueDate": "2024-12-09",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/security.paloaltonetworks.com\/CVE-2024-0012 ; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2024-0012",
             "cwes": [
                 "CWE-306"
@@ -5029,7 +5179,7 @@
             "shortDescription": "Zyxel EMG2926 routers contain a command injection vulnerability located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute malicious commands on the router, such as the ping_ip parameter to the expert\/maintenance\/diagnostic\/nslookup URI.",
             "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
             "dueDate": "2023-10-09",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/www.zyxel.com\/global\/en\/support\/security-advisories\/zyxel-security-advisory-for-command-injection-vulnerability-in-emg2926-q10a-ethernet-cpe, https:\/\/www.zyxelguard.com\/Zyxel-EOL.asp; https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-6884",
             "cwes": [
                 "CWE-78"
@@ -7170,7 +7320,7 @@
             "shortDescription": "Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.",
             "requiredAction": "Apply updates per vendor instructions.",
             "dueDate": "2022-12-09",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2022-41091;  https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-41091",
             "cwes": [
                 "CWE-863"
@@ -7875,7 +8025,7 @@
             "shortDescription": "WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to perform shellcode execution. This vulnerability impacts web browsers using WebRTC including but not limited to Google Chrome.",
             "requiredAction": "Apply updates per vendor instructions.",
             "dueDate": "2022-09-15",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/groups.google.com\/g\/discuss-webrtc\/c\/5KBtZx2gvcQ;  https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-2294",
             "cwes": [
                 "CWE-122"
@@ -8326,7 +8476,7 @@
             "shortDescription": "A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application.",
             "requiredAction": "Apply updates per vendor instructions.",
             "dueDate": "2022-07-05",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-30190",
             "cwes": [
                 "CWE-610"
@@ -11412,7 +11562,7 @@
             "shortDescription": "Microsoft Windows Print Spooler contains an unspecified vulnerability which can allow for privilege escalation.",
             "requiredAction": "Apply updates per vendor instructions.",
             "dueDate": "2022-04-15",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-21999",
             "cwes": [
                 "CWE-40",
@@ -13604,7 +13754,7 @@
             "shortDescription": "Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file.",
             "requiredAction": "The impacted product is end-of-life and should be disconnected if still in use.",
             "dueDate": "2022-03-24",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2015-7645",
             "cwes": []
         },
@@ -14098,7 +14248,7 @@
             "shortDescription": "Adobe Acrobat and Reader contain an input validation issue in a JavaScript method that could potentially lead to remote code execution.",
             "requiredAction": "Apply updates per vendor instructions.",
             "dueDate": "2022-03-24",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2008-2992",
             "cwes": [
                 "CWE-119"
@@ -15215,7 +15365,7 @@
             "shortDescription": "Microsoft Windows AppX Installer contains a spoofing vulnerability which has a high impacts to confidentiality, integrity, and availability.",
             "requiredAction": "Apply updates per vendor instructions.",
             "dueDate": "2021-12-29",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-43890",
             "cwes": []
         },
@@ -16340,7 +16490,7 @@
             "shortDescription": "Atlassian Crowd and Crowd Data Center contain a remote code execution vulnerability resulting from a pdkinstall development plugin being incorrectly enabled in release builds.",
             "requiredAction": "Apply updates per vendor instructions.",
             "dueDate": "2022-05-03",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2019-11580",
             "cwes": []
         },
@@ -16756,7 +16906,7 @@
             "shortDescription": "GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifTool, which improperly validates the image files.",
             "requiredAction": "Apply updates per vendor instructions.",
             "dueDate": "2021-11-17",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-22205",
             "cwes": [
                 "CWE-20",
@@ -17421,7 +17571,7 @@
             "shortDescription": "Microsoft Windows Active Directory contains a privilege escalation vulnerability due to the way it distributes passwords that are configured using Group Policy preferences. An authenticated attacker who successfully exploits the vulnerability could decrypt the passwords and use them to elevate privileges on the domain.",
             "requiredAction": "Apply updates per vendor instructions.",
             "dueDate": "2022-05-03",
-            "knownRansomwareCampaignUse": "Unknown",
+            "knownRansomwareCampaignUse": "Known",
             "notes": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2014-1812",
             "cwes": [
                 "CWE-255"