Dec 23: CSW Patch Watch & Security Updates

Posted on Jan 8, 2021 | By Pavithra Shankar

Highlights of Patch Watch Issue 9


  1. Here is our analysis of 367 vulnerabilities that were patched.

  • 30 CVEs have publicly known exploits

  • 337 are yet to be weaponized

  2. 30 vulnerabilities are weaponized.

  • CISA has issued warning alerts for 3 vulnerabilities

  • 2 CVEs with Remote Code Execution

  • 1 CVE with Privilege Escalation and a local exploit

  • 19 CVEs are associated with Web App exploits

  • 6 CVEs are linked with Denial of Service

  • 14 CVEs are rated high and 15 CVEs are of medium severity

  3. Patches have been released for 101 old vulnerabilities ranging from 2015 to 2019.

  • 11 CVEs have known exploits

  • 4 CVEs have been issued an alert by CISA

  • Of these, 12 CVEs are critical, 8 are high, and 76 are of medium severity

Ransomware detections have been more dominant in countries with higher numbers of internet-connected populations. The United States ranks highest, with 18.2% of all ransomware attacks. Therefore, it is essential to fix the old vulnerabilities at the earliest, as they open the door to a high rate of ransomware attacks.


  4. CISA has issued an alert for 14 vulnerabilities. Out of these, 1 CVE is rated critical, 1 is rated high, and 6 are of medium severity.

Table: Vulnerability Patches 

Hundreds of patches are released each month for many popular products. Prioritizing patches based on dangerous exploits, CISA alerts, and ransomware and APT group associations will help security teams fix the vulnerabilities that threat actors could potentially use.
