CISA Known Exploited Vulnerabilities (KEV)
CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.
10.0
CVE-2017-6316 - Citrix Multiple Products Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Citrix
Description :A vulnerability has been identified in the management interface of Citrix NetScaler SD-WAN Enterprise and Standard Edition and Citrix CloudBridge Virtual WAN Edition that could result in an unauthenticated, remote attacker being able to execute arbitrary code as a root user. This vulnerability also affects XenMobile Server.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-6316
10.0
CVE-2017-3881 - Cisco IOS and IOS XE Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Cisco
Description :A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-3881
8.1
CVE-2017-12617 - Apache Tomcat Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Apache
Description :When running Apache Tomcat, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-12617
8.1
CVE-2017-12615 - Apache Tomcat on Windows Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Apache
Description :When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 25, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-12615
9.3
CVE-2017-0146 - Microsoft Windows SMB Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Microsoft
Description :The SMBv1 server in Microsoft Windows allows remote attackers to perform remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 25, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-0146
9.3
CVE-2016-7892 - Adobe Flash Player Use-After-Free Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Adobe
Description :Adobe Flash Player has an exploitable use-after-free vulnerability in the TextField class.
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2016-7892
10.0
CVE-2016-4171 - Adobe Flash Player Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Adobe
Description :Unspecified vulnerability in Adobe Flash Player allows for remote code execution.
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2016-4171
10.0
CVE-2016-1555 - NETGEAR Multiple WAP Devices Command Injection Vulnerability -
Action Due Apr 15, 2022 Target Vendor : NETGEAR
Description :Multiple NETGEAR Wireless Access Point devices allows unauthenticated web pages to pass form input directly to the command-line interface. Exploitation allows for arbitrary code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2016-1555
9.0
CVE-2016-11021 - D-Link DCS-930L Devices OS Command Injection Vulnerability -
Action Due Apr 15, 2022 Target Vendor : D-Link
Description :setSystemCommand on D-Link DCS-930L devices allows a remote attacker to execute code via an OS command.
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2016-11021
8.1
CVE-2014-3120 - Elasticsearch Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Elastic
Description :Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2014-3120
7.8
CVE-2010-4345 - Exim Privilege Escalation Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Exim
Description :Exim allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2010-4345
9.8
CVE-2010-4344 - Exim Heap-Based Buffer Overflow Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Exim
Description :Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2010-4344
10.0
CVE-2018-11138 - Quest KACE System Management Appliance Remote Command Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Quest
Description :The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance is accessible by anonymous users and can be abused to perform remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 25, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-11138
10.0
CVE-2018-0147 - Cisco Secure Access Control System Java Deserialization Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Cisco
Description :A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-0147
10.0
CVE-2018-0125 - Cisco VPN Routers Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Cisco
Description :A vulnerability in the web interface of the Cisco VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as root and gain full control of an affected system.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-0125
10.0
CVE-2015-1187 - D-Link and TRENDnet Multiple Devices Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : D-Link and TRENDnet
Description :The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to perform remote code execution.
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2015-1187
7.8
CVE-2015-0666 - Cisco Prime Data Center Network Manager (DCNM) Directory Traversal Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Cisco
Description :Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) allows remote attackers to read arbitrary files.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2015-0666
7.5
CVE-2014-0130 - Ruby on Rails Directory Traversal Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Rails
Description :Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails allows remote attackers to read arbitrary files via a crafted request.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2014-0130
7.8
CVE-2019-1322 - Microsoft Windows Privilege Escalation Vulnerability -
Action Due Apr 05, 2022 Target Vendor : Microsoft
Description :A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 15, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-1322
7.8
CVE-2019-0543 - Microsoft Windows Privilege Escalation Vulnerability -
Action Due Apr 05, 2022 Target Vendor : Microsoft
Description :A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 15, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-0543