Intelligence agencies in Australia, the U.K., and the U.S. issued a joint advisory on Wednesday detailing the most exploited vulnerabilities in 2020 and 2021, once again demonstrating how threat actors are able to swiftly weaponize publicly disclosed flaws to their advantage.
“Cyber actors continue to exploit publicly known—and often dated—software vulnerabilities against broad target sets, including public and private sector organizations worldwide,” the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI) said.
“However, entities worldwide can mitigate the vulnerabilities listed in this report by applying the available patches to their systems and implementing a centralized patch management system.”
The top 30 vulnerabilities span a wide range of software, including remote work, virtual private network (VPN), and cloud-based technologies, covering a broad spectrum of products from Microsoft, VMware, Pulse Secure, Fortinet, Accellion, Citrix, F5 BIG-IP, Atlassian, and Drupal.
The most routinely exploited flaws in 2020 are as follows –
- CVE-2019-19781 (CVSS score: 9.8) – Citrix Application Delivery Controller (ADC) and Gateway directory traversal vulnerability
- CVE-2019-11510 (CVSS score: 10.0) – Pulse Connect Secure arbitrary file reading vulnerability
- CVE-2018-13379 (CVSS score: 9.8) – Fortinet FortiOS path traversal vulnerability leading to system file leak
- CVE-2020-5902 (CVSS score: 9.8) – F5 BIG-IP remote code execution vulnerability
- CVE-2020-15505 (CVSS score: 9.8) – MobileIron Core & Connector remote code execution vulnerability
- CVE-2020-0688 (CVSS score: 8.8) – Microsoft Exchange memory corruption vulnerability
- CVE-2019-3396 (CVSS score: 9.8) – Atlassian Confluence Server remote code execution vulnerability
- CVE-2017-11882 (CVSS score: 7.8) – Microsoft Office memory corruption vulnerability
- CVE-2019-11580 (CVSS score: 9.8) – Atlassian Crowd and Crowd Data Center remote code execution vulnerability
- CVE-2018-7600 (CVSS score: 9.8) – Drupal remote code execution vulnerability
- CVE-2019-18935 (CVSS score: 9.8) – Telerik .NET deserialization vulnerability resulting in remote code execution
- CVE-2019-0604 (CVSS score: 9.8) – Microsoft SharePoint remote code execution vulnerability
- CVE-2020-0787 (CVSS score: 7.8) – Windows Background Intelligent Transfer Service (BITS) elevation of privilege vulnerability
- CVE-2020-1472 (CVSS score: 10.0) – Windows Netlogon elevation of privilege vulnerability
The vulnerabilities that have come under active attack so far in 2021 are listed below –
- Microsoft Exchange Server: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 (aka “ProxyLogon”)
- Pulse Secure: CVE-2021-22893, CVE-2021-22894, CVE-2021-22899, and CVE-2021-22900
- Accellion: CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, and CVE-2021-27104
- VMware: CVE-2021-21985
- Fortinet: CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591
The development also comes a week after MITRE published a list of the top 25 “most dangerous” software errors that could lead to serious vulnerabilities that could be exploited by an adversary to take control of an affected system, obtain sensitive information, or cause a denial-of-service condition.
“The advisory […] puts the power in every organisation’s hands to fix the most common vulnerabilities, such as unpatched VPN gateway devices,” NCSC Director for Operations, Paul Chichester, said, while stressing the need to prioritize patching to minimize the risk of being exploited by malicious actors.
Some parts of this article are sourced from:
thehackernews.com