CISA Known Exploited Vulnerabilities (KEV)

CVE-2018-0154 - Cisco IOS Software Integrated Services Module for VPN Denial-of-Service Vulnerability -

Action Due Mar 17, 2022 Target Vendor : Cisco

Description : A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-0154

CVE-2018-0151 - Cisco IOS Software and Cisco IOS XE Software Quality of Service Remote Code Execution Vulnerability -

Action Due Mar 17, 2022 Target Vendor : Cisco

Description : A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-0151

CVE-2017-8540 - Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Microsoft

Description : The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability".

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-8540

CVE-2017-6744 - Cisco IOS Software SNMP Remote Code Execution Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description : The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-6744

CVE-2017-6743 - Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description : The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-6743

CVE-2017-6740 - Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description : The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-6740

CVE-2017-6738 - Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description : The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-6738

CVE-2017-6737 - Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description : The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-6737

CVE-2017-6736 - Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description : The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-6736

CVE-2016-4117 - Adobe Flash Player Arbitrary Code Execution Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Adobe

Description : An access of resource using incompatible type vulnerability exists within Adobe Flash Player that allows an attacker to perform remote code execution.

Action : The impacted product is end-of-life and should be disconnected if still in use.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-4117

CVE-2017-6663 - Cisco IOS Software and Cisco IOS XE Software Denial-of-Service Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description : A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause autonomic nodes of an affected system to reload, resulting in denial-of-service (DoS).

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-6663

CVE-2017-12319 - Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial-of-Service Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description : A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition, or potentially corrupt the BGP routing table, which could result in network instability.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-12319

CVE-2017-12240 - Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description : The Dynamic Host Configuration Protocol (DHCP) relay subsystem of Cisco IOS and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-12240

CVE-2017-12238 - Cisco Catalyst 6800 Series Switches VPLS Denial-of-Service Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description : A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a denial of service.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-12238

CVE-2017-12237 - Cisco IOS and IOS XE Software Internet Key Exchange Denial-of-Service Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description : A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS and Cisco IOS XE could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-12237

CVE-2017-12235 - Cisco IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial-of-Service Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description : A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-12235

CVE-2017-12234 - Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description : There is a vulnerability in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-12234

CVE-2017-12233 - Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description : There is a vulnerability in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-12233

CVE-2017-12232 - Cisco IOS Software for Cisco Integrated Services Routers Denial-of-Service Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description : A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-12232

CVE-2017-12231 - Cisco IOS Software Network Address Translation Denial-of-Service Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description : A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS could allow an unauthenticated, remote attacker to cause a denial of service.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-12231