CISA Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.Y

    5.9

    CVSS31
    CVE-2017-12319 - Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial-of-Service Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Cisco

    Description : A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition, or potentially corrupt the BGP routing table, which could result in network instability.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 932 days ago

    9.8

    CVSS31
    CVE-2017-12240 - Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Cisco

    Description : The Dynamic Host Configuration Protocol (DHCP) relay subsystem of Cisco IOS and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 932 days ago

    6.5

    CVSS31
    CVE-2017-12238 - Cisco Catalyst 6800 Series Switches VPLS Denial-of-Service Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Cisco

    Description : A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a denial of service.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 932 days ago

    7.5

    CVSS31
    CVE-2017-12237 - Cisco IOS and IOS XE Software Internet Key Exchange Denial-of-Service Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Cisco

    Description : A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS and Cisco IOS XE could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 932 days ago

    7.5

    CVSS31
    CVE-2017-12235 - Cisco IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial-of-Service Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Cisco

    Description : A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 932 days ago

    7.5

    CVSS31
    CVE-2017-12234 - Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Cisco

    Description : There is a vulnerability in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 932 days ago

    7.5

    CVSS31
    CVE-2017-12233 - Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Cisco

    Description : There is a vulnerability in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 932 days ago

    6.5

    CVSS31
    CVE-2017-12232 - Cisco IOS Software for Cisco Integrated Services Routers Denial-of-Service Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Cisco

    Description : A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 932 days ago

    7.5

    CVSS31
    CVE-2017-12231 - Cisco IOS Software Network Address Translation Denial-of-Service Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Cisco

    Description : A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS could allow an unauthenticated, remote attacker to cause a denial of service.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 932 days ago

    7.8

    CVSS31
    CVE-2017-11826 - Microsoft Office Remote Code Execution Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Microsoft

    Description : A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 932 days ago

    8.8

    CVSS31
    CVE-2017-11292 - Adobe Flash Player Type Confusion Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Adobe

    Description : Adobe Flash Player contains a type confusion vulnerability which can allow for remote code execution.

    Action : The impacted product is end-of-life and should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 932 days ago

    7.8

    CVSS31
    CVE-2017-0261 - Microsoft Office Use-After-Free Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Microsoft

    Description : Microsoft Office contains a use-after-free vulnerability which can allow for remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 932 days ago

    7.8

    CVSS31
    CVE-2017-0001 - Microsoft Graphics Device Interface (GDI) Privilege Escalation Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Microsoft

    Description : The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 932 days ago

    7.5

    CVSS31
    CVE-2016-8562 - Siemens SIMATIC CP 1543-1 Improper Privilege Management Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Siemens

    Description : An improper privilege management vulnerability exists within the Siemens SIMATIC Communication Processor (CP) that allows a privileged attacker to remotely cause a denial of service.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 932 days ago

    8.8

    CVSS30
    CVE-2016-7855 - Adobe Flash Player Use-After-Free Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Adobe

    Description : Use-after-free vulnerability in Adobe Flash Player Windows and OS and Linux allows remote attackers to execute arbitrary code.

    Action : The impacted product is end-of-life and should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 932 days ago

    7.8

    CVSS31
    CVE-2016-7262 - Microsoft Office Security Feature Bypass Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Microsoft

    Description : A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 932 days ago

    7.8

    CVSS31
    CVE-2016-7193 - Microsoft Office Memory Corruption Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Microsoft

    Description : Microsoft Office contains a memory corruption vulnerability which can allow for remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 932 days ago

    7.0

    CVSS31
    CVE-2016-5195 - Linux Kernel Race Condition Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Linux

    Description : Race condition in mm/gup.c in the Linux kernel allows local users to escalate privileges.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 932 days ago

    9.8

    CVSS31
    CVE-2016-4117 - Adobe Flash Player Arbitrary Code Execution Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Adobe

    Description : An access of resource using incompatible type vulnerability exists within Adobe Flash Player that allows an attacker to perform remote code execution.

    Action : The impacted product is end-of-life and should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Alert Date: Mar 03, 2022 | 932 days ago

    9.8

    CVSS31
    CVE-2016-1019 - Adobe Flash Player Arbitrary Code Execution Vulnerability -

    Action Due Mar 24, 2022 Target Vendor : Adobe

    Description : Adobe Flash Player allows remote attackers to cause a denial of service or possibly execute arbitrary code.

    Action : The impacted product is end-of-life and should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Known

    Alert Date: Mar 03, 2022 | 932 days ago
Showing 20 of 1181 Results

Filters