CISA Known Exploited Vulnerabilities (KEV)

CVE-2020-1472 - Microsoft Netlogon Privilege Escalation Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description : Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller. An attacker who successfully exploits the vulnerability could run a specially crafted application on a device on the network. The vulnerability is also known under the moniker of Zerologon.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes : Reference CISA's ED 20-04 (https://www.cisa.gov/news-events/directives/ed-20-04-mitigate-netlogon-elevation-privilege-vulnerability-august-2020-patch-tuesday) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 20-04. https://nvd.nist.gov/vuln/detail/CVE-2020-1472

CVE-2019-18988 - TeamViewer Desktop Bypass Remote Login Vulnerability -

Action Due May 03, 2022 Target Vendor : TeamViewer

Description : TeamViewer Desktop allows for bypass of remote-login access control because the same AES key is used for different customers' installations. If an attacker were to know this key, they could decrypt protected information stored in registry or configuration files or decryption of the Unattended Access password to the system (which allows for remote login to the system).

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-18988

CVE-2019-18935 - Progress Telerik UI for ASP.NET AJAX Deserialization of Untrusted Data Vulnerability -

Action Due May 03, 2022 Target Vendor : Progress

Description : Progress Telerik UI for ASP.NET AJAX contains a deserialization of untrusted data vulnerability through RadAsyncUpload which leads to code execution on the server in the context of the w3wp.exe process.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-18935

CVE-2020-10199 - Sonatype Nexus Repository Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : Sonatype

Description : Sonatype Nexus Repository contains an unspecified vulnerability that allows for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-10199

CVE-2020-11738 - WordPress Snap Creek Duplicator Plugin File Download Vulnerability -

Action Due May 03, 2022 Target Vendor : WordPress

Description : WordPress Snap Creek Duplicator plugin contains a file download vulnerability when an administrator creates a new copy of their site that allows an attacker to download the generated files from their Wordpress dashboard. This vulnerability affects Duplicator and Dulplicator Pro.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-11738

CVE-2016-3643 - SolarWinds Virtualization Manager Privilege Escalation Vulnerability -

Action Due May 03, 2022 Target Vendor : SolarWinds

Description : SolarWinds Virtualization Manager allows for privilege escalation through leveraging a misconfiguration of sudo.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-3643

CVE-2019-0797 - Microsoft Win32k Privilege Escalation Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description : Microsoft Win32k contains a privilege escalation vulnerability when the Win32k component fails to properly handle objects in memory. Successful exploitation allows an attacker to execute code in kernel mode.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-0797

CVE-2018-8653 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description : Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-8653

CVE-2017-8759 - Microsoft .NET Framework Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description : Microsoft .NET Framework contains a remote code execution vulnerability when processing untrusted input that could allow an attacker to take control of an affected system.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-8759

CVE-2021-26858 - Microsoft Exchange Server Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description : Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes : Reference CISA's ED 21-02 (https://www.cisa.gov/news-events/directives/ed-21-02-mitigate-microsoft-exchange-premises-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-02. https://nvd.nist.gov/vuln/detail/CVE-2021-26858

CVE-2019-0859 - Microsoft Win32k Privilege Escalation Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description : Microsoft Win32k fails to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel mode.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-0859

CVE-2021-23874 - McAfee Total Protection (MTP) Improper Privilege Management Vulnerability -

Action Due Nov 17, 2021 Target Vendor : McAfee

Description : McAfee Total Protection (MTP) contains an improper privilege management vulnerability that allows a local user to gain elevated privileges and execute code, bypassing MTP self-defense.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-23874

CVE-2020-7961 - Liferay Portal Deserialization of Untrusted Data Vulnerability -

Action Due May 03, 2022 Target Vendor : Liferay

Description : Liferay Portal contains a deserialization of untrusted data vulnerability that allows remote attackers to execute code via JSON web services.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-7961

CVE-2021-30551 - Google Chromium V8 Type Confusion Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Google

Description : Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-30551

CVE-2019-7481 - SonicWall SMA100 SQL Injection Vulnerability -

Action Due May 03, 2022 Target Vendor : SonicWall

Description : SonicWall SMA100 contains a SQL injection vulnerability allowing an unauthenticated user to gain read-only access to unauthorized resources.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-7481

CVE-2018-15811 - DotNetNuke (DNN) Inadequate Encryption Strength Vulnerability -

Action Due May 03, 2022 Target Vendor : DotNetNuke (DNN)

Description : DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-15811

CVE-2020-25506 - D-Link DNS-320 Device Command Injection Vulnerability -

Action Due May 03, 2022 Target Vendor : D-Link

Description : D-Link DNS-320 device contains a command injection vulnerability in the sytem_mgr.cgi component that may allow for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-25506

CVE-2020-29557 - D-Link DIR-825 R1 Devices Buffer Overflow Vulnerability -

Action Due May 03, 2022 Target Vendor : D-Link

Description : D-Link DIR-825 R1 devices contain a buffer overflow vulnerability in the web interface that may allow for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-29557

CVE-2020-3118 - Cisco IOS XR Software Discovery Protocol Format String Vulnerability -

Action Due May 03, 2022 Target Vendor : Cisco

Description : Cisco IOS XR improperly validates string input from certain fields in Cisco Discovery Protocol messages. Exploitation could allow an unauthenticated, adjacent attacker to execute code with administrative privileges or cause a reload on an affected device.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-3118

CVE-2014-1812 - Microsoft Windows Group Policy Preferences Password Privilege Escalation Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description : Microsoft Windows Active Directory contains a privilege escalation vulnerability due to the way it distributes passwords that are configured using Group Policy preferences. An authenticated attacker who successfully exploits the vulnerability could decrypt the passwords and use them to elevate privileges on the domain.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Feb 26, 2026

Notes : https://nvd.nist.gov/vuln/detail/CVE-2014-1812