Top Exploited Vulnerabilities of 2020 and 2021
A Joint Cybersecurity Advisory (JCA), coauthored by the US Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the UK’s National Cyber Security Centre (NCSC), and the FBI, has found that, in 2020, cyber actors readily exploited disclosed vulnerabilities - the majority of which were disclosed during the past two years - to compromise unpatched systems.
Four of the most targeted vulnerabilities affected remote work, VPNs, or cloud-based technologies, which is more than likely due to the volume of 'out of office' work brought about by COVID.
CISA, ACSC, NCSC, and FBI consider the following to be the CVEs most regularly exploited by cyber actors during 2020:
Citrix - CVE-2019-19781 - arbitrary code execution
Pulse - CVE-2019-11510 - arbitrary file reading
Fortinet - CVE-2018-13379 - path traversal
F5 - BIG-IP - CVE-2020-5902 - remote code execution (RCE)
MobileIron - CVE-2020-15505 - RCE
Microsoft - CVE-2017-11882 - RCE
Atlassian - CVE-2019-11580 - RCE
Drupal - CVE-2018-7600 - RCE
Telerik - CVE-2019-18935 - RCE
Microsoft - CVE-2019-0604 - RCE
Microsoft - CVE-2020-0787 - elevation of privilege
Netlogon - CVE-2020-1472 - elevation of privilege
In 2021, cyber actors have continued targeting vulnerabilities in perimeter-type devices. The JCA states that priority should be given to patching the following CVEs, which are known to be exploited ...
Microsoft Exchange:
Pulse Secure:
Accellion:
VMware:
Fortinet:
The JCA advises that updating software versions once patches are available is the best way to mitigate many vulnerabilities. However, they state that if this isn't possible, "consider applying temporary workarounds or other mitigations, if provided by the vendor ... to further assist remediation, automatic software updates should be enabled whenever possible."
Businesses often use multiple software products, and keeping track of all the vendors and their updates can be time-consuming and lead to missed alerts, which in turn leaves the business at risk. Automated software updates are one way of preventing this.
Bad actors ply their trade in many ways, and using software vulnerabilities to access computers and their networks is one of them. Making sure your software is up to date is one way to help keep your business safe.