CISA Known Exploited Vulnerabilities (KEV)

CVE-2018-0173 - Cisco IOS and IOS XE Software Improper Input Validation Vulnerability -

Action Due Mar 17, 2022 Target Vendor : Cisco

Description : A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets can allow for denial-of-service (DoS).

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-0173

CVE-2018-0156 - Cisco IOS Software and Cisco IOS XE Software Smart Install Denial-of-Service Vulnerability -

Action Due Mar 17, 2022 Target Vendor : Cisco

Description : A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial-of-service (DoS) condition.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-0156

CVE-2017-12319 - Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial-of-Service Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description : A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition, or potentially corrupt the BGP routing table, which could result in network instability.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-12319

CVE-2017-12237 - Cisco IOS and IOS XE Software Internet Key Exchange Denial-of-Service Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description : A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS and Cisco IOS XE could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-12237

CVE-2017-12235 - Cisco IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial-of-Service Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description : A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-12235

CVE-2017-12234 - Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description : There is a vulnerability in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-12234

CVE-2015-2590 - Oracle Java SE and Java SE Embedded Remote Code Execution Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Oracle

Description : An unspecified vulnerability exists within Oracle Java Runtime Environment that allows an attacker to perform remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-2590

CVE-2015-2424 - Microsoft PowerPoint Memory Corruption Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Microsoft

Description : Microsoft PowerPoint allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-2424

CVE-2013-1347 - Microsoft Internet Explorer Remote Code Execution Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Microsoft

Description : This vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-1347

CVE-2013-0632 - Adobe ColdFusion Authentication Bypass Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Adobe

Description : An authentication bypass vulnerability exists in Adobe ColdFusion which could result in an unauthorized user gaining administrative access.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-0632

CVE-2012-4681 - Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Oracle

Description : The Java Runtime Environment (JRE) component in Oracle Java SE allow for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Feb 26, 2026

Notes : https://nvd.nist.gov/vuln/detail/CVE-2012-4681

CVE-2004-0210 - Microsoft Windows Privilege Escalation Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Microsoft

Description : A privilege elevation vulnerability exists in the POSIX subsystem. This vulnerability could allow a logged on user to take complete control of the system.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2004-0210

CVE-2009-1123 - Microsoft Windows Improper Input Validation Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Microsoft

Description : The kernel in Microsoft Windows does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2009-1123

CVE-2013-0641 - Adobe Reader Buffer Overflow Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Adobe

Description : A buffer overflow vulnerability exists in Adobe Reader which allows an attacker to perform remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-0641

CVE-2015-3043 - Adobe Flash Player Memory Corruption Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Adobe

Description : A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution.

Action : The impacted product is end-of-life and should be disconnected if still in use.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-3043

CVE-2020-11899 - Treck TCP/IP stack Out-of-Bounds Read Vulnerability -

Action Due Mar 17, 2022 Target Vendor : Treck TCP/IP stack

Description : The Treck TCP/IP stack contains an IPv6 out-of-bounds read vulnerability.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-11899

CVE-2018-0155 - Cisco Catalyst Bidirectional Forwarding Detection Denial-of-Service Vulnerability -

Action Due Mar 17, 2022 Target Vendor : Cisco

Description : A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial-of-service (DoS) condition.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-0155

CVE-2018-0154 - Cisco IOS Software Integrated Services Module for VPN Denial-of-Service Vulnerability -

Action Due Mar 17, 2022 Target Vendor : Cisco

Description : A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-0154

CVE-2018-0151 - Cisco IOS Software and Cisco IOS XE Software Quality of Service Remote Code Execution Vulnerability -

Action Due Mar 17, 2022 Target Vendor : Cisco

Description : A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-0151

CVE-2017-8540 - Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Microsoft

Description : The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability".

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-8540