Cybersecurity agencies from the member countries of the Five Eyes intelligence alliance have recently released a list of the top 12 vulnerabilities that were routinely exploited in 2022. They have also identified 30 additional vulnerabilities that have been popular among attackers.
According to a cybersecurity advisory from the Cybersecurity and Infrastructure Security Agency (CISA), malicious cyber actors in 2022 focused on exploiting older software vulnerabilities rather than recently disclosed ones, targeting unpatched, internet-facing systems. Proof-of-concept (PoC) code for many of these vulnerabilities is publicly available, which has made it easier for a broader range of malicious cyber actors to exploit them.
The top 12 vulnerabilities frequently exploited in 2022, listed here as nine entries because related CVEs are grouped together, are:
1. CVE-2018-13379: A path traversal flaw in the Fortinet SSL VPN web portal. Attackers have been able to exploit it to gain unauthorized access to sensitive information.
2. CVE-2021-34473, CVE-2021-31207, CVE-2021-34523: Collectively known as ProxyShell, these vulnerabilities affect Microsoft Exchange servers. Attackers have been using them to achieve pre-authenticated remote code execution.
3. CVE-2021-40539: An authentication bypass vulnerability in Zoho ManageEngine ADSelfService Plus. Attackers have been able to bypass authentication mechanisms and gain unauthorized access to the affected systems.
4. CVE-2021-26084: An Object-Graph Navigation Language (OGNL) injection vulnerability in Confluence Server or Data Center. Attackers have been exploiting it to execute arbitrary code on affected instances.
5. CVE-2021-44228 (Log4Shell): A remote code execution vulnerability in Apache Log4j, a popular Java logging library. Attackers have been able to execute arbitrary code by submitting a specific request, giving them full control over the system.
6. CVE-2022-22954, CVE-2022-22960: These include remote code execution (RCE), privilege escalation, and authentication bypass vulnerabilities in VMware Workspace ONE Access, Identity Manager, and other VMware products.
7. CVE-2022-1388: A vulnerability in F5 BIG-IP that allows unauthenticated threat actors to execute arbitrary system commands, create or delete files, or disable services.
8. CVE-2022-30190: A remote code execution vulnerability affecting the Microsoft Windows Support Diagnostic Tool (MSDT). An unauthenticated threat actor can exploit it to take control of the system remotely.
9. CVE-2022-26134: A remote code execution vulnerability in Atlassian Confluence Data Center and Server.
Beyond these top 12, the agencies list 30 additional vulnerabilities that have been frequently exploited by attackers. These include vulnerabilities in solutions by Citrix, Microsoft, Ivanti, SonicWALL, Fortinet, QNAP, and other software manufacturers.
It is worth noting that some of these vulnerabilities date back to 2017 and 2018, yet they are still being widely exploited by malicious actors. To enhance cybersecurity resilience, organizations are advised to apply all security updates promptly. Furthermore, software vendors are urged to prioritize security in their product design to alleviate the burden of responsibility on consumers.
Jonathon Ellison, the Director of Resilience and Future Technology at the UK’s National Cyber Security Centre (NCSC), emphasized the importance of prompt security updates and called on software vendors to prioritize security in their products. Doing so shifts the responsibility for ensuring robust cybersecurity away from consumers and makes it a shared effort between vendors and users.
In conclusion, the release of this list of frequently exploited vulnerabilities serves as a reminder of the ongoing challenges faced in the cybersecurity landscape. It highlights the need for organizations and software vendors to remain vigilant and proactive in addressing vulnerabilities to protect against potential cyber threats.