CISA Known Exploited Vulnerabilities (KEV)

  1. Home
  2. CISA KEV

CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.

    7.0

    HIGH
    CVE-2019-18988 - TeamViewer Desktop Bypass Remote Login Vulnerability -

    Action Due May 03, 2022 Target Vendor : TeamViewer

    Description :TeamViewer Desktop allows for bypass of remote-login access control because the same AES key is used for different customers' installations. If an attacker were to know this key, they could decrypt protected information stored in registry or configuration files or decryption of the Unattended Access password to the system (which allows for remote login to the system).

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-18988

    Alert Date: Nov 03, 2021 | 1588 days ago

    9.0

    HIGH
    CVE-2020-10221 - rConfig OS Command Injection Vulnerability -

    Action Due May 03, 2022 Target Vendor : rConfig

    Description :rConfig lib/ajaxHandlers/ajaxAddTemplate.php contains an OS command injection vulnerability that allows remote attackers to execute OS commands via shell metacharacters in the fileName POST parameter.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-10221

    Alert Date: Nov 03, 2021 | 1588 days ago

    9.0

    HIGH
    CVE-2021-34527 - Microsoft Windows Print Spooler Remote Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description :Microsoft Windows Print Spooler contains an unspecified vulnerability due to the Windows Print Spooler service improperly performing privileged file operations. Successful exploitation allows an attacker to perform remote code execution with SYSTEM privileges. The vulnerability is also known under the moniker of PrintNightmare.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

    Notes :Reference CISA's ED 21-04 (https://www.cisa.gov/news-events/directives/ed-21-04-mitigate-windows-print-spooler-service-vulnerability) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-04. https://nvd.nist.gov/vuln/detail/CVE-2021-34527

    Alert Date: Nov 03, 2021 | 1588 days ago
Showing 20 of 1543 Results

Filters