CISA Publishes List of the Most Commonly Exploited Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC) have issued a joint cybersecurity advisory about the most common vulnerabilities exploited by cyber actors in 2020, many of which are still being widely exploited in 2021.
The advisory lists the top 30 exploited Common Vulnerabilities and Exposures (CVEs), how each vulnerability is exploited, recommended mitigations, indicators of compromise, and tools and methods that can be used to check whether the vulnerabilities have already been exploited.
Cyber threat actors do exploit recently disclosed vulnerabilities, but most of the commonly exploited vulnerabilities are not new: they were disclosed in the past two years and have had patches available for some time. In 2020 the pandemic forced many businesses to move from an office-based to a remote workforce, so it is not surprising that four of the most commonly exploited vulnerabilities in 2020 affect remote working solutions such as VPNs and cloud-based technologies. Because these systems are in constant use, many businesses did not apply the available patches, and the vulnerabilities were exploited. It is essential that patches are applied as soon as possible and that IT teams conduct rigorous patch management.
Patches are available for all of the commonly exploited vulnerabilities included in the advisory. Patching should be prioritized, starting with the vulnerabilities known to be actively exploited and those reachable by the largest number of potential attackers, for example vulnerabilities in Internet-facing systems such as VPN gateways, firewalls, and mail servers. Where a patch cannot be applied, implement the temporary workarounds and other mitigations the vendor recommends, and treat them as a stopgap until the patch is installed rather than as a substitute for it.
The advisory's table of the top 12 exploited vulnerabilities in 2020 includes the following:

| Vendor | CVE | Vulnerability type |
|---|---|---|
| Citrix | CVE-2019-19781 | arbitrary code execution |
| Pulse Secure | CVE-2019-11510 | arbitrary file reading |
| Fortinet | CVE-2018-13379 | path traversal |
| F5 BIG-IP | CVE-2020-5902 | remote code execution (RCE) |
| Microsoft | CVE-2020-0787 | elevation of privilege |
| Microsoft (Netlogon) | CVE-2020-1472 | elevation of privilege |
In 2021, cyber actors have continued to target vulnerabilities in perimeter devices, with the most commonly exploited flaws affecting Pulse Secure, Accellion, VMware, Fortinet, and Microsoft Exchange products. In addition to the 2020 vulnerabilities above, CISA urges security teams to prioritize patching of the following vulnerabilities, which have been extensively exploited in 2021. Note that Fortinet's CVE-2018-13379 appears in both years' lists:
| Product | CVEs |
|---|---|
| Microsoft Exchange | CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065 |
| Pulse Secure | CVE-2021-22893, CVE-2021-22894, CVE-2021-22899, CVE-2021-22900 |
| Accellion | CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104 |
| Fortinet | CVE-2018-13379, CVE-2020-12812, CVE-2019-5591 |
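As an added, worked example (not part of the advisory or of this page's original content): the prioritisation guidance above, applied to a vulnerability-scanner export. The script canonicalises loosely formatted CVE identifiers (report formatting varies, as in "CVE 2019-11510" versus "CVE-2019-11510"), matches them against the CVE identifiers reproduced on this page, and ranks each finding by whether it is on the exploited list and whether the host is Internet-facing. The hostnames and the scan export are constructed for the example, and the advisory itself contains more CVEs than this page reproduces, so in practice the sets would be populated from the full advisory.

```python
import csv
import io
import re
from dataclasses import dataclass

# CVE identifiers exactly as listed on this page (a subset of the full advisory).
ADVISORY_2020 = {
    "CVE-2019-19781", "CVE-2019-11510", "CVE-2018-13379",
    "CVE-2020-5902", "CVE-2020-0787", "CVE-2020-1472",
}
ADVISORY_2021 = {
    "CVE-2021-26855", "CVE-2021-26857", "CVE-2021-26858", "CVE-2021-27065",  # Exchange
    "CVE-2021-22893", "CVE-2021-22894", "CVE-2021-22899", "CVE-2021-22900",  # Pulse Secure
    "CVE-2021-27101", "CVE-2021-27102", "CVE-2021-27103", "CVE-2021-27104",  # Accellion
    "CVE-2018-13379", "CVE-2020-12812", "CVE-2019-5591",                     # Fortinet
}
KNOWN_EXPLOITED = ADVISORY_2020 | ADVISORY_2021

# Scanner exports are inconsistent ("CVE 2019-11510", "cve_2020-5902"); canonicalise before matching.
_CVE_RE = re.compile(r"\bCVE[-_ ]?(\d{4})[-_ ](\d{4,7})\b", re.IGNORECASE)


def normalize_cve(raw):
    """Return the ID as CVE-YYYY-NNNNN, or None if no CVE-shaped token is present."""
    m = _CVE_RE.search(raw)
    return f"CVE-{m.group(1)}-{m.group(2)}" if m else None


@dataclass(frozen=True)
class Finding:
    host: str
    cve: str
    internet_facing: bool


def tier(f):
    """P1: on the exploited list and reachable from the Internet; P2: on the list, internal only;
    P3: Internet-facing but not on this advisory's list; P4: everything else."""
    exploited = f.cve in KNOWN_EXPLOITED
    if exploited and f.internet_facing:
        return "P1"
    if exploited:
        return "P2"
    if f.internet_facing:
        return "P3"
    return "P4"


def parse_findings(csv_text):
    """Parse a 'host,cve,exposure' export; unparseable rows are returned separately, not dropped."""
    findings, rejected = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        cve = normalize_cve(row["cve"])
        if cve is None:
            rejected.append(row)
            continue
        findings.append(Finding(row["host"].strip(), cve,
                                row["exposure"].strip().lower() == "internet"))
    return findings, rejected


def triage(csv_text):
    """Return (tier, host, cve) tuples in patching order: tier first, then older CVEs first
    (longest public, most attacker tooling available), then host name for a stable order."""
    findings, _ = parse_findings(csv_text)
    ranked = sorted(findings, key=lambda f: (tier(f), int(f.cve.split("-")[1]), f.host))
    return [(tier(f), f.host, f.cve) for f in ranked]


# Constructed sample export (not real scan data): hostnames and exposure values are made up.
SAMPLE_EXPORT = """host,cve,exposure
mail-01,CVE-2021-26855,internet
vpn-gw-01,cve 2019-11510,internet
fw-edge-02,CVE_2018-13379,internet
dc-01,CVE-2020-1472,internal
jump-03,CVE-2020-0787,internal
web-05,CVE-2020-0601,internet
lab-09,not-a-cve,internal
"""

if __name__ == "__main__":
    for t, host, cve in triage(SAMPLE_EXPORT):
        print(t, host, cve)
    _, bad = parse_findings(SAMPLE_EXPORT)
    print("rows needing manual review:", [r["host"] for r in bad])
```

Treat the output as an ordering for the patch queue, not as evidence about compromise: a P1 host that has been exposed for months should also be checked against the advisory's indicators of compromise and detection methods before it is assumed clean.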