CISA Known Exploited Vulnerabilities (KEV)

CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.

9.0

HIGH

CVE-2017-6740 - Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description :The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-6740

Alert Date: Mar 03, 2022 | 1465 days ago

9.0

HIGH

CVE-2017-6739 - Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-6739

Alert Date: Mar 03, 2022 | 1465 days ago

9.0

HIGH

CVE-2017-6738 - Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description :The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-6738

Alert Date: Mar 03, 2022 | 1465 days ago

9.0

HIGH

CVE-2017-6737 - Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description :The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-6737

Alert Date: Mar 03, 2022 | 1465 days ago

9.0

HIGH

CVE-2017-6736 - Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description :The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-6736

Alert Date: Mar 03, 2022 | 1465 days ago

6.5

MEDIUM

CVE-2017-6663 - Cisco IOS Software and Cisco IOS XE Software Denial-of-Service Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description :A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause autonomic nodes of an affected system to reload, resulting in denial-of-service (DoS).

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-6663

Alert Date: Mar 03, 2022 | 1465 days ago

7.5

HIGH

CVE-2017-6627 - Cisco IOS Software and Cisco IOS XE Software UDP Packet Processing Denial-of-Service Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description :A vulnerability in the UDP processing code of Cisco IOS and IOS XE could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an interface queue wedge and denial of service.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-6627

Alert Date: Mar 03, 2022 | 1465 days ago

10.0

HIGH

CVE-2017-12240 - Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description :The Dynamic Host Configuration Protocol (DHCP) relay subsystem of Cisco IOS and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-12240

Alert Date: Mar 03, 2022 | 1465 days ago

7.8

HIGH

CVE-2017-12237 - Cisco IOS and IOS XE Software Internet Key Exchange Denial-of-Service Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description :A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS and Cisco IOS XE could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-12237

Alert Date: Mar 03, 2022 | 1465 days ago

7.8

HIGH

CVE-2017-12235 - Cisco IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial-of-Service Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description :A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-12235

Alert Date: Mar 03, 2022 | 1465 days ago

7.8

HIGH

CVE-2017-12233 - Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description :There is a vulnerability in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-12233

Alert Date: Mar 03, 2022 | 1465 days ago

6.5

MEDIUM

CVE-2017-12232 - Cisco IOS Software for Cisco Integrated Services Routers Denial-of-Service Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description :A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-12232

Alert Date: Mar 03, 2022 | 1465 days ago

7.8

HIGH

CVE-2017-12231 - Cisco IOS Software Network Address Translation Denial-of-Service Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description :A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS could allow an unauthenticated, remote attacker to cause a denial of service.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-12231

Alert Date: Mar 03, 2022 | 1465 days ago

9.3

HIGH

CVE-2017-11826 - Microsoft Office Remote Code Execution Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Microsoft

Description :A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-11826

Alert Date: Mar 03, 2022 | 1465 days ago

8.8

HIGH

CVE-2017-11292 - Adobe Flash Player Type Confusion Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Adobe

Description :Adobe Flash Player contains a type confusion vulnerability which can allow for remote code execution.

Action :The impacted product is end-of-life and should be disconnected if still in use.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-11292

Alert Date: Mar 03, 2022 | 1465 days ago

9.3

HIGH

CVE-2017-0261 - Microsoft Office Use-After-Free Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Microsoft

Description :Microsoft Office contains a use-after-free vulnerability which can allow for remote code execution.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-0261

Alert Date: Mar 03, 2022 | 1465 days ago

7.8

HIGH

CVE-2017-0001 - Microsoft Graphics Device Interface (GDI) Privilege Escalation Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Microsoft

Description :The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-0001

Alert Date: Mar 03, 2022 | 1465 days ago

7.5

HIGH

CVE-2016-8562 - Siemens SIMATIC CP 1543-1 Improper Privilege Management Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Siemens

Description :An improper privilege management vulnerability exists within the Siemens SIMATIC Communication Processor (CP) that allows a privileged attacker to remotely cause a denial of service.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2016-8562

Alert Date: Mar 03, 2022 | 1465 days ago

7.8

HIGH

CVE-2016-7262 - Microsoft Office Security Feature Bypass Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Microsoft

Description :A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2016-7262

Alert Date: Mar 03, 2022 | 1465 days ago

9.3

HIGH

CVE-2016-7193 - Microsoft Office Memory Corruption Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Microsoft

Description :Microsoft Office contains a memory corruption vulnerability which can allow for remote code execution.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2016-7193

Alert Date: Mar 03, 2022 | 1465 days ago

Showing 20 of 1540 Results

Filters

What are you looking for ?

Date Added

Ransomware

Sort By

Browse by Apps

CISA Known Exploited Vulnerabilities (KEV)

9.0

9.0

9.0

9.0

9.0

6.5

7.5

10.0

7.8

7.8

7.8

6.5

7.8

9.3

8.8

9.3

7.8

7.5

7.8

9.3

Filters

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable

Cookie Preferences