Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Sophos | XG Firewall

CVE-2020-15069

Sophos XG Firewall Buffer Overflow Vulnerability: Sophos XG Firewall contains a buffer overflow vulnerability that allows for remote code execution via the "HTTP/S bookmark" feature.

Related CWE: CWE-120

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-02-06
Due Date: 2025-02-27

Additional Notes

Sophos | CyberoamOS

CVE-2020-29574

CyberoamOS (CROS) SQL Injection Vulnerability: CyberoamOS (CROS) contains a SQL injection vulnerability in the WebAdmin that allows an unauthenticated attacker to execute arbitrary SQL statements remotely.

Related CWE: CWE-89

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

Date Added: 2025-02-06
Due Date: 2025-02-27

Additional Notes

Dahua | IP Camera Firmware

CVE-2021-33045

Dahua IP Camera Authentication Bypass Vulnerability: Dahua IP cameras and related products contain an authentication bypass vulnerability when the loopback device is specified by the client during authentication.

Related CWE: CWE-287

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-08-21
Due Date: 2024-09-11

Additional Notes

Dahua | IP Camera Firmware

CVE-2021-33044

Dahua IP Camera Authentication Bypass Vulnerability: Dahua IP cameras and related products contain an authentication bypass vulnerability when the NetKeyboard type argument is specified by the client during authentication.

Related CWE: CWE-287

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-08-21
Due Date: 2024-09-11

Additional Notes

Sophos | Web Appliance

CVE-2023-1671

Sophos Web Appliance Command Injection Vulnerability: Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution.

Related CWE: CWE-77

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-11-16
Due Date: 2023-12-07

Additional Notes

Sophos | Firewall

CVE-2022-3236

Sophos Firewall Code Injection Vulnerability: A code injection vulnerability in the User Portal and Webadmin of Sophos Firewall allows for remote code execution.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-09-23
Due Date: 2022-10-14

Additional Notes

MikroTik | RouterOS

CVE-2018-7445

MikroTik RouterOS Stack-Based Buffer Overflow Vulnerability: In MikroTik RouterOS, a stack-based buffer overflow occurs when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-09-08
Due Date: 2022-09-29

Additional Notes

Sophos | Firewall

CVE-2022-1040

Sophos Firewall Authentication Bypass Vulnerability: An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution.

Related CWE: CWE-158

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-31
Due Date: 2022-04-21

Additional Notes

Sophos | SG UTM

CVE-2020-25223

Sophos SG UTM Remote Code Execution Vulnerability: A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

MikroTik | RouterOS

CVE-2018-14847

MikroTik Router OS Directory Traversal Vulnerability: MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-12-01
Due Date: 2022-06-01

Additional Notes

Sophos | SFOS

CVE-2020-12271

Sophos SFOS SQL Injection Vulnerability: Sophos Firewall operating system (SFOS) firmware contains a SQL injection vulnerability when configured with either the administration (HTTPS) service or the User Portal is exposed on the WAN zone. Successful exploitation may cause remote code execution to exfiltrate usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords).

Related CWE: CWE-89

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates