Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Cisco | Cisco IP Phones

CVE-2020-3161

Cisco IP Phones Web Server Remote Code Execution and Denial-of-Service Vulnerability: Cisco IP Phones contain an improper input validation vulnerability for HTTP requests. Exploitation could allow an attacker to execute code remotely with root privileges or cause a denial-of-service (DoS) condition.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Cisco | Small Business RV320 and RV325 Routers

CVE-2019-1653

Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability: Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers contain improper access controls for URLs. Exploitation could allow an attacker to download the router configuration or detailed diagnostic information.

Related CWE: CWE-284

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Cisco | Adaptive Security Appliance (ASA)

CVE-2018-0296

Cisco Adaptive Security Appliance (ASA) Denial-of-Service Vulnerability: Cisco Adaptive Security Appliance (ASA) contains an improper input validation vulnerability with HTTP URLs. Exploitation could allow an attacker to cause a denial-of-service (DoS) condition or information disclosure.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Citrix | StoreFront Server

CVE-2019-13608

Citrix StoreFront Server XML External Entity (XXE) Processing Vulnerability: Citrix StoreFront Server contains an XML External Entity (XXE) processing vulnerability that may allow an unauthenticated attacker to retrieve potentially sensitive information.

Related CWE: CWE-611

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Citrix | Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance

CVE-2020-8193

Citrix ADC, Gateway, and SD-WAN WANOP Appliance Authorization Bypass Vulnerability: Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an authorization bypass vulnerability that may allow unauthenticated access to certain URL endpoints. The attacker must have access to the NetScaler IP (NSIP) in order to perform exploitation.

Related CWE: CWE-284

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Citrix | Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance

CVE-2020-8195

Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability: Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Citrix | Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance

CVE-2020-8196

Related CWE: CWE-284

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Citrix | Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance

CVE-2019-19781

Citrix ADC, Gateway, and SD-WAN WANOP Appliance Code Execution Vulnerability: Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an unspecified vulnerability that could allow an unauthenticated attacker to perform code execution.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Citrix | Workspace Application and Receiver for Windows

CVE-2019-11634

Citrix Workspace Application and Receiver for Windows Remote Code Execution Vulnerability: Citrix Workspace Application and Receiver for Windows contains remote code execution vulnerability resulting from local drive access preferences not being enforced into the clients' local drives.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

D-Link | DIR-825 R1 Devices

CVE-2020-29557

D-Link DIR-825 R1 Devices Buffer Overflow Vulnerability: D-Link DIR-825 R1 devices contain a buffer overflow vulnerability in the web interface that may allow for remote code execution.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

D-Link | DNS-320 Device

CVE-2020-25506

D-Link DNS-320 Device Command Injection Vulnerability: D-Link DNS-320 device contains a command injection vulnerability in the sytem_mgr.cgi component that may allow for remote code execution.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

DotNetNuke (DNN) | DotNetNuke (DNN)

CVE-2018-15811

DotNetNuke (DNN) Inadequate Encryption Strength Vulnerability: DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters.

Related CWE: CWE-326

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

DotNetNuke (DNN) | DotNetNuke (DNN)

CVE-2018-18325

Related CWE: CWE-326

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

DotNetNuke (DNN) | DotNetNuke (DNN)

CVE-2017-9822

DotNetNuke (DNN) Remote Code Execution Vulnerability: DotNetNuke (DNN) contains a vulnerability that may allow for remote code execution via cookie deserialization.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Docker | Desktop Community Edition

CVE-2019-15752

Docker Desktop Community Edition Privilege Escalation Vulnerability: Docker Desktop Community Edition contains a vulnerability that may allow local users to escalate privileges by placing a trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\.

Related CWE: CWE-732

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

DrayTek | Multiple Vigor Routers

CVE-2020-8515

Multiple DrayTek Vigor Routers Web Management Page Vulnerability: DrayTek Vigor3900, Vigor2960, and Vigor300B routers contain an unspecified vulnerability that allows for remote code execution.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Drupal | Drupal Core

CVE-2018-7600

Drupal Core Remote Code Execution Vulnerability: Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

GitLab | Community and Enterprise Editions

CVE-2021-22205

GitLab Community and Enterprise Editions Remote Code Execution Vulnerability: GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifTool, which improperly validates the image files.

Related CWEs: CWE-20| CWE-95

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Exim | Exim

CVE-2018-6789

Exim Buffer Overflow Vulnerability: Exim contains a buffer overflow vulnerability in the base64d function part of the SMTP listener that may allow for remote code execution.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

EyesOfNetwork | EyesOfNetwork

CVE-2020-8657

EyesOfNetwork Use of Hard-Coded Credentials Vulnerability: EyesOfNetwork contains a use of hard-coded credentials vulnerability, as it uses the same API key by default. Exploitation allows an attacker to calculate or guess the admin access token.

Related CWE: CWE-798

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates