Alert Identifies Top 15 Most Common Vulnerabilities

2022-05-19 - Admin Sysware

One of the most frustrating things about cybersecurity is that most of the vulnerabilities that are exploited by cybercriminals are well documented. A joint alert that was shared by the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NZ NCSC), and United Kingdom’s National Cyber Security Centre (NCSC-UK) even goes so far as to identify the top 15 Common Vulnerabilities and Exposures (CVEs) routinely exploited in 2021. They include:

CVE-2021-44228. This vulnerability, known as Log4Shell, affects the Apache Log4j library, an open-source logging framework. An actor can exploit this vulnerability by submitting a specially crafted request to a vulnerable system that causes that system to execute arbitrary code. The request allows a cyber actor to take full control over the system.

CVE-2021-26855, CVE-2021-26858, CVE-2021-26857, CVE-2021-27065. These vulnerabilities, known as ProxyLogon, affect Microsoft Exchange email servers. Successful exploitation of these vulnerabilities in combination, known as vulnerability chaining, allows an unauthenticated user to execute arbitrary code to gain persistent access to files and mailboxes on the servers in addition to credentials stored on the servers.

CVE-2021-34523, CVE-2021-34473, CVE-2021-31207. These vulnerabilities, known as ProxyShell, also affect Microsoft Exchange email servers. Successful exploitation of these vulnerabilities in combination enables a cybercriminal to also execute arbitrary code. These vulnerabilities reside within the Microsoft Client Access Service (CAS), which typically runs on port 443 in the Microsoft Internet Information Services (IIS) platform.

CVE-2021-26084. This vulnerability affects Atlassian Confluence Server and Data Center platforms. It too allows an unauthenticated actor to execute arbitrary code.

The alert notes that three of the top 15 routinely exploited vulnerabilities in 2021 were also routinely exploited in 2020. Obviously, a lot of organizations are still failing to patch software in a timely manner. A recent report published by BeyondTrust, a provider of a patch management platform, notes a third of breaches are the result of a known vulnerability that was not patched.

The only real difference is the level of scrutiny that inevitably accompanies a breach. They say an ounce of prevention is always worth a pound of cure. That has never been truer than when it comes to IT environments, where simple inertia all too often winds up being the worst enemy of all.
