CISA Known Exploited Vulnerabilities (KEV)

Threat Intelligence

CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.

7.5

HIGH

CVE-2018-0296 - Cisco Adaptive Security Appliance (ASA) Denial-of-Service Vulnerability -

Action Due May 03, 2022 Target Vendor : Cisco

Description :Cisco Adaptive Security Appliance (ASA) contains an improper input validation vulnerability with HTTP URLs. Exploitation could allow an attacker to cause a denial-of-service (DoS) condition or information disclosure.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-0296

Alert Date: Nov 03, 2021 | 1632 days ago

9.8

CRITICAL

CVE-2021-42258 - BQE BillQuick Web Suite SQL Injection Vulnerability -

Action Due Nov 17, 2021 Target Vendor : BQE

Description :BQE BillQuick Web Suite contains an SQL injection vulnerability when accessing the username parameter that may allow for unauthenticated, remote code execution.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-42258

Alert Date: Nov 03, 2021 | 1632 days ago

7.5

HIGH

CVE-2020-3452 - Cisco ASA and FTD Read-Only Path Traversal Vulnerability -

Action Due May 03, 2022 Target Vendor : Cisco

Description :Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an improper input validation vulnerability when HTTP requests process URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-3452

Alert Date: Nov 03, 2021 | 1632 days ago

7.5

HIGH

CVE-2019-13608 - Citrix StoreFront Server XML External Entity (XXE) Processing Vulnerability -

Action Due May 03, 2022 Target Vendor : Citrix

Description :Citrix StoreFront Server contains an XML External Entity (XXE) processing vulnerability that may allow an unauthenticated attacker to retrieve potentially sensitive information.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-13608

Alert Date: Nov 03, 2021 | 1632 days ago

6.5

MEDIUM

CVE-2020-8195 - Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability -

Action Due May 03, 2022 Target Vendor : Citrix

Description :Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-8195

Alert Date: Nov 03, 2021 | 1632 days ago

7.8

HIGH

CVE-2021-1732 - Microsoft Win32k Privilege Escalation Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Microsoft

Description :Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-1732

Alert Date: Nov 03, 2021 | 1632 days ago

7.8

HIGH

CVE-2019-0803 - Microsoft Win32k Privilege Escalation Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description :Microsoft Win32k contains an unspecified vulnerability due to it failing to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel mode.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-0803

Alert Date: Nov 03, 2021 | 1632 days ago

9.0

CRITICAL

CVE-2020-1040 - Microsoft Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description :Microsoft Hyper-V RemoteFX vGPU contains an improper input validation vulnerability due to the host server failing to properly validate input from an authenticated user on a guest operating system. Successful exploitation allows for remote code execution on the host operating system.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-1040

Alert Date: Nov 03, 2021 | 1632 days ago

7.8

HIGH

CVE-2021-28310 - Microsoft Win32k Privilege Escalation Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Microsoft

Description :Microsoft Windows Win32k contains an unspecified vulnerability that allows for privilege escalation.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-28310

Alert Date: Nov 03, 2021 | 1632 days ago

9.8

CRITICAL

CVE-2020-25506 - D-Link DNS-320 Device Command Injection Vulnerability -

Action Due May 03, 2022 Target Vendor : D-Link

Description :D-Link DNS-320 device contains a command injection vulnerability in the sytem_mgr.cgi component that may allow for remote code execution.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-25506

Alert Date: Nov 03, 2021 | 1632 days ago

10.0

CRITICAL

CVE-2020-1350 - Microsoft Windows DNS Server Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description :Microsoft Windows DNS Servers fail to properly handle requests, allowing an attacker to perform remote code execution in the context of the Local System Account. The vulnerability is also known under the moniker of SIGRed.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :Reference CISA's ED 20-03 (https://www.cisa.gov/news-events/directives/ed-20-03-mitigate-windows-dns-server-remote-code-execution-vulnerability-july-2020-patch-tuesday) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 20-03. https://nvd.nist.gov/vuln/detail/CVE-2020-1350

Alert Date: Nov 03, 2021 | 1632 days ago

9.3

HIGH

CVE-2019-15752 - Docker Desktop Community Edition Privilege Escalation Vulnerability -

Action Due May 03, 2022 Target Vendor : Docker

Description :Docker Desktop Community Edition contains a vulnerability that may allow local users to escalate privileges by placing a trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-15752

Alert Date: Nov 03, 2021 | 1632 days ago

8.8

HIGH

CVE-2021-26411 - Microsoft Internet Explorer Memory Corruption Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Microsoft

Description :Microsoft Internet Explorer contains an unspecified vulnerability that allows for memory corruption.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-26411

Alert Date: Nov 03, 2021 | 1632 days ago

9.3

HIGH

CVE-2017-8759 - Microsoft .NET Framework Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description :Microsoft .NET Framework contains a remote code execution vulnerability when processing untrusted input that could allow an attacker to take control of an affected system.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-8759

Alert Date: Nov 03, 2021 | 1632 days ago

7.6

HIGH

CVE-2018-8653 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description :Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-8653

Alert Date: Nov 03, 2021 | 1632 days ago

10.0

HIGH

CVE-2021-1497 - Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Cisco

Description :Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the root user.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-1497

Alert Date: Nov 03, 2021 | 1632 days ago

7.8

HIGH

CVE-2019-0797 - Microsoft Win32k Privilege Escalation Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description :Microsoft Win32k contains a privilege escalation vulnerability when the Win32k component fails to properly handle objects in memory. Successful exploitation allows an attacker to execute code in kernel mode.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-0797

Alert Date: Nov 03, 2021 | 1632 days ago

10.0

HIGH

CVE-2020-3161 - Cisco IP Phones Web Server Remote Code Execution and Denial-of-Service Vulnerability -

Action Due May 03, 2022 Target Vendor : Cisco

Description :Cisco IP Phones contain an improper input validation vulnerability for HTTP requests. Exploitation could allow an attacker to execute code remotely with root privileges or cause a denial-of-service (DoS) condition.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-3161

Alert Date: Nov 03, 2021 | 1632 days ago

7.5

HIGH

CVE-2019-1653 - Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability -

Action Due May 03, 2022 Target Vendor : Cisco

Description :Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers contain improper access controls for URLs. Exploitation could allow an attacker to download the router configuration or detailed diagnostic information.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-1653

Alert Date: Nov 03, 2021 | 1632 days ago

7.5

HIGH

CVE-2021-36942 - Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Microsoft

Description :Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability allowing an unauthenticated attacker to call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-36942

Alert Date: Nov 03, 2021 | 1632 days ago

Showing 20 of 1582 Results

Filters

What are you looking for ?

Date Added

Ransomware

Sort By

Browse by Apps

CISA Known Exploited Vulnerabilities (KEV)

7.5

9.8

7.5

7.5

6.5

7.8

7.8

9.0

7.8

9.8

10.0

9.3

8.8

9.3

7.6

10.0

7.8

10.0

7.5

7.5

Filters

Cookie Preferences