CISA Known Exploited Vulnerabilities (KEV)

  1. Home
  2. CISA KEV
Threat Intelligence

CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.

    7.8

    HIGH
    CVE-2020-17087 - Microsoft Windows Kernel Privilege Escalation Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description :Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-17087

    Alert Date: Nov 03, 2021 | 1630 days ago

    7.8

    HIGH
    CVE-2021-31199 - Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Microsoft

    Description :Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-31199

    Alert Date: Nov 03, 2021 | 1630 days ago

    8.8

    HIGH
    CVE-2021-30663 - Apple Multiple Products WebKit Integer Overflow Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Apple

    Description :Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain an integer overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-30663

    Alert Date: Nov 03, 2021 | 1630 days ago

    8.8

    HIGH
    CVE-2020-1020 - Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description :Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-1020

    Alert Date: Nov 03, 2021 | 1630 days ago

    7.8

    HIGH
    CVE-2021-38645 - Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Microsoft

    Description :Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability that allows for privilege escalation.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-38645

    Alert Date: Nov 03, 2021 | 1630 days ago

    10.0

    HIGH
    CVE-2017-7269 - Microsoft Windows Server Buffer Overflow Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description :Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in Internet Information Services (IIS) 6.0 which allows remote attackers to execute code via a long header beginning with "If: <http://" in a PROPFIND request.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-7269

    Alert Date: Nov 03, 2021 | 1630 days ago

    7.8

    HIGH
    CVE-2021-36948 - Microsoft Windows Update Medic Service Privilege Escalation Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Microsoft

    Description :Microsoft Windows Update Medic Service contains an unspecified vulnerability that allows for privilege escalation.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-36948

    Alert Date: Nov 03, 2021 | 1630 days ago

    7.8

    HIGH
    CVE-2021-38649 - Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Microsoft

    Description :Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-38649

    Alert Date: Nov 03, 2021 | 1630 days ago

    9.3

    HIGH
    CVE-2017-0143 - Microsoft Windows Server Message Block (SMBv1) Remote Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description :Microsoft Windows Server Message Block 1.0 (SMBv1) contains an unspecified vulnerability that allows for remote code execution.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-0143

    Alert Date: Nov 03, 2021 | 1630 days ago

    10.0

    HIGH
    CVE-2021-1497 - Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Cisco

    Description :Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the root user.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-1497

    Alert Date: Nov 03, 2021 | 1630 days ago

    9.8

    CRITICAL
    CVE-2021-1498 - Cisco HyperFlex HX Data Platform Command Injection Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Cisco

    Description :Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the tomcat8 user.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-1498

    Alert Date: Nov 03, 2021 | 1630 days ago

    10.0

    HIGH
    CVE-2018-0171 - Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : Cisco

    Description :Cisco IOS and IOS XE Software improperly validates packet data, allowing an unauthenticated, remote attacker to trigger a reload of an affected device, cause a denial-of-service (DoS) condition, or perform code execution on the affected device.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-0171

    Alert Date: Nov 03, 2021 | 1630 days ago

    8.8

    HIGH
    CVE-2020-3118 - Cisco IOS XR Software Discovery Protocol Format String Vulnerability -

    Action Due May 03, 2022 Target Vendor : Cisco

    Description :Cisco IOS XR improperly validates string input from certain fields in Cisco Discovery Protocol messages. Exploitation could allow an unauthenticated, adjacent attacker to execute code with administrative privileges or cause a reload on an affected device.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-3118

    Alert Date: Nov 03, 2021 | 1630 days ago

    8.6

    HIGH
    CVE-2020-3566 - Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability -

    Action Due May 03, 2022 Target Vendor : Cisco

    Description :Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated, remote attacker to immediately crash the IGMP process or make it consume available memory and eventually crash.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-3566

    Alert Date: Nov 03, 2021 | 1630 days ago

    8.6

    HIGH
    CVE-2020-3569 - Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability -

    Action Due May 03, 2022 Target Vendor : Cisco

    Description :Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated, remote attacker to immediately crash the IGMP process or make it consume available memory and eventually crash.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-3569

    Alert Date: Nov 03, 2021 | 1630 days ago

    10.0

    HIGH
    CVE-2020-29557 - D-Link DIR-825 R1 Devices Buffer Overflow Vulnerability -

    Action Due May 03, 2022 Target Vendor : D-Link

    Description :D-Link DIR-825 R1 devices contain a buffer overflow vulnerability in the web interface that may allow for remote code execution.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-29557

    Alert Date: Nov 03, 2021 | 1630 days ago

    9.8

    CRITICAL
    CVE-2020-25506 - D-Link DNS-320 Device Command Injection Vulnerability -

    Action Due May 03, 2022 Target Vendor : D-Link

    Description :D-Link DNS-320 device contains a command injection vulnerability in the sytem_mgr.cgi component that may allow for remote code execution.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-25506

    Alert Date: Nov 03, 2021 | 1630 days ago

    9.8

    CRITICAL
    CVE-2018-6789 - Exim Buffer Overflow Vulnerability -

    Action Due May 03, 2022 Target Vendor : Exim

    Description :Exim contains a buffer overflow vulnerability in the base64d function part of the SMTP listener that may allow for remote code execution.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-6789

    Alert Date: Nov 03, 2021 | 1630 days ago

    9.8

    CRITICAL
    CVE-2020-8657 - EyesOfNetwork Use of Hard-Coded Credentials Vulnerability -

    Action Due May 03, 2022 Target Vendor : EyesOfNetwork

    Description :EyesOfNetwork contains a use of hard-coded credentials vulnerability, as it uses the same API key by default. Exploitation allows an attacker to calculate or guess the admin access token.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-8657

    Alert Date: Nov 03, 2021 | 1630 days ago

    9.3

    HIGH
    CVE-2020-8655 - EyesOfNetwork Improper Privilege Management Vulnerability -

    Action Due May 03, 2022 Target Vendor : EyesOfNetwork

    Description :EyesOfNetwork contains an improper privilege management vulnerability that may allow a user to run commands as root via a crafted Nmap Scripting Engine (NSE) script to nmap7.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-8655

    Alert Date: Nov 03, 2021 | 1630 days ago
Showing 20 of 1581 Results

Filters