This repository contains information on published CVEs for network edge devices, as referenced in Sophos' "Pacific Rim" report. To highlight the scale of worldwide threat activity, and as a potentially useful community resource, we have compiled a list of publicly documented CVEs affecting network (and other edge) devices offered by a selection of vendors. Where relevant public research exists, we have included details on active exploitation and suspected threat actors. This information has been compiled from publicly available sources and best-effort searches of publicly available information as of mid-October 2024, as noted in the table below:
| Data Element | Source |
|---|---|
| Vendor | Vendor Website |
| Title | NIST's National Vulnerability Database (https://nvd.nist.gov/) |
| CVE | NIST's National Vulnerability Database (https://nvd.nist.gov/) |
| CVSS | NIST's National Vulnerability Database (https://nvd.nist.gov/) |
| Date of NVD publication | NIST's National Vulnerability Database (https://nvd.nist.gov/) |
| Date of vendor advisory | Vendor Website |
| Used in ransomware attacks | CISA's Known Exploited Vulnerabilities Catalog (https://www.cisa.gov/known-exploited-vulnerabilities-catalog) |
| Date added to KEV Catalog | CISA's Known Exploited Vulnerabilities Catalog (https://www.cisa.gov/known-exploited-vulnerabilities-catalog) |
| Vendor Advisory | Vendor Website |
| Date of Known Exploitation | Publicly Available Information |
| Threat actor | Publicly Available Information |
| Targets | Publicly Available Information |
Twenty-four vendors are represented in the data. This list is based on market share and general interest. Inclusion should not be interpreted as constituting any relation to the situations documented elsewhere in Pacific Rim coverage.
| Arcadyan Technology | F5 | Palo Alto Networks |
| Barracuda Networks | FatPipe Networks | Pulse Secure/ Ivanti |
| Check Point Software | Fortinet | SonicWall |
| Cisco Systems | Juniper Networks | Sophos |
| Citrix Systems | MikroTik | Sumavision Technologies |
| DASAN Networks | Netgear | Tenda |
| D-Link Systems | Netis Systems | TP-Link |
| DrayTek | Oracle | Zyxel |
A comma-separated value file with this data can be found here.