CISA Known Exploited Vulnerabilities (KEV)
9.0
CVE-2019-12991 - Citrix SD-WAN and NetScaler Command Injection Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Citrix
Description : Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-12991
9.8
CVE-2019-12989 - Citrix SD-WAN and NetScaler SQL Injection Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Citrix
Description : Citrix SD-WAN and NetScaler SD-WAN allow SQL Injection.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-12989
9.8
CVE-2019-10068 - Kentico Xperience Deserialization of Untrusted Data Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Kentico
Description : Kentico contains a failure to validate security headers. This deserialization can led to unauthenticated remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-10068
9.9
CVE-2019-1003030 - Jenkins Matrix Project Plugin Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Jenkins
Description : Jenkins Matrix Project plugin contains a vulnerability which can allow users to escape the sandbox, opening opportunity to perform remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-1003030
9.3
CVE-2019-0903 - Microsoft GDI Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Microsoft
Description : A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-0903
9.3
CVE-2018-8414 - Microsoft Windows Shell Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Microsoft
Description : A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-8414
7.6
CVE-2018-8373 - Microsoft Scripting Engine Memory Corruption Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Microsoft
Description : A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-8373
8.1
CVE-2018-6961 - VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability -
Action Due Apr 15, 2022 Target Vendor : VMware
Description : VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. Successful exploitation of this issue could result in remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-6961
9.8
CVE-2018-14839 - LG N1A1 NAS Remote Command Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : LG
Description : LG N1A1 NAS 3718.510 is affected by a remote code execution vulnerability.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-14839
9.8
CVE-2018-1273 - VMware Tanzu Spring Data Commons Property Binder Vulnerability -
Action Due Apr 15, 2022 Target Vendor : VMware Tanzu
Description : Spring Data Commons contains a property binder vulnerability which can allow an attacker to perform remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-1273
10.0
CVE-2018-0147 - Cisco Secure Access Control System Java Deserialization Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Cisco
Description : A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-0147
10.0
CVE-2018-0125 - Cisco VPN Routers Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Cisco
Description : A vulnerability in the web interface of the Cisco VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as root and gain full control of an affected system.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-0125
9.0
CVE-2017-6334 - NETGEAR DGN2200 Devices OS Command Injection Vulnerability -
Action Due Apr 15, 2022 Target Vendor : NETGEAR
Description : dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands
Action : The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-6334
10.0
CVE-2017-6316 - Citrix Multiple Products Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Citrix
Description : A vulnerability has been identified in the management interface of Citrix NetScaler SD-WAN Enterprise and Standard Edition and Citrix CloudBridge Virtual WAN Edition that could result in an unauthenticated, remote attacker being able to execute arbitrary code as a root user. This vulnerability also affects XenMobile Server.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-6316
10.0
CVE-2017-3881 - Cisco IOS and IOS XE Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Cisco
Description : A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-3881
8.1
CVE-2017-12617 - Apache Tomcat Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Apache
Description : When running Apache Tomcat, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-12617
9.3
CVE-2017-0146 - Microsoft Windows SMB Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Microsoft
Description : The SMBv1 server in Microsoft Windows allows remote attackers to perform remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-0146
9.3
CVE-2016-7892 - Adobe Flash Player Use-After-Free Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Adobe
Description : Adobe Flash Player has an exploitable use-after-free vulnerability in the TextField class.
Action : The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-7892
10.0
CVE-2016-4171 - Adobe Flash Player Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Adobe
Description : Unspecified vulnerability in Adobe Flash Player allows for remote code execution.
Action : The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-4171
10.0
CVE-2016-1555 - NETGEAR Multiple WAP Devices Command Injection Vulnerability -
Action Due Apr 15, 2022 Target Vendor : NETGEAR
Description : Multiple NETGEAR Wireless Access Point devices allows unauthenticated web pages to pass form input directly to the command-line interface. Exploitation allows for arbitrary code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-1555