Australian Cyber Security Centre (ACSC), the UK National Cyber Security Centre (NCSC), the US Cybersecurity and Infrastructure Security Agency (CISA), and the US Federal Bureau of Investigation (FBI) have issued a joint advisory listing the top 30 most targeted vulnerabilities throughout 2020 and 2021.
The agencies identified the following as the vulnerabilities most exploited by threat actors in 2020:
CVE-2019-19781 – Citrix NetScaler Directory Traversal
CVE-2019-11510 – Pulse Secure Connect VPN Unauthenticated Arbitrary File Disclosure
CVE-2018-13379 – Fortinet FortiOS Secure Sockets Layer VPN Unauthenticated Directory Traversal
CVE-2020-5902 – F5 BIG-IP Traffic Management User Interface Remote Code Execution
CVE-2020-15505 – MobileIron Core & Connector Remote Code Execution
CVE-2020-0688 – Microsoft Exchange Memory Corruption/Remote Code Execution
CVE-2019-3396 – Atlassian Confluence Server Widget Connector Remote Code Execution
CVE-2017-11882 – Microsoft Office Memory Corruption/Remote Code Execution
CVE-2019-11580 – Atlassian Crowd and Crowd Data Center Remote Code Execution
CVE-2018-7600 – Drupal Core Multiple Remote Code Execution
CVE-2019-18935 – Telerik UI for ASP.NET AJAX Insecure Deserialization
CVE-2019-0604 – Microsoft SharePoint Remote Code Execution
CVE-2020-0787 – Windows Background Intelligent Transfer Service Elevation of Privilege
CVE-2020-1472 – Windows Netlogon Elevation of Privilege
Of those listed above, CVE-2019-19781 was the most exploited flaw in 2020, according to the advisory.
“Identified as emerging targets in early 2020, unremediated instances of CVE-2019-19781 and CVE-2019-11510 continued to be exploited throughout the year by nation-state advanced persistent threat actors (APTs) who leveraged these and other vulnerabilities, such as CVE-2018-13379, in VPN services to compromise an array of organizations, including those involved in COVID-19 vaccine development,” CISA said.
The second list of vulnerabilities shared by the ACSC, NCSC, CISA, and the FBI includes the flaws most regularly targeted by malicious actors in 2021. Those are:
Microsoft Exchange: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065
Pulse Secure: CVE-2021-22893, CVE-2021-22894, CVE-2021-22899, and CVE-2021-22900
Accellion: CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, and CVE-2021-27104
VMware: CVE-2021-21985
Fortinet: CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591
“One of the most effective best practices to mitigate many vulnerabilities is to update software versions once patches are available and as soon as is practicable. If this is not possible, consider applying temporary workarounds or other mitigations, if provided by the vendor. If an organization is unable to update all software shortly after a patch is released, prioritize implementing patches for CVEs that are already known to be exploited or that would be accessible to the largest number of potential attackers (such as internet-facing systems),” the agencies advised.
“Additionally, attackers commonly exploit weak authentication processes, particularly in external-facing devices. Organizations should require multi-factor authentication to remotely access networks from external sources, especially for administrator or privileged accounts.”
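As an added illustration of the prioritisation rule the agencies describe (known-exploited CVEs and internet-facing systems first, vendor workarounds where no patch exists yet), the following Python example is not from the advisory or this article. It uses the CVE list above as the known-exploited set and a constructed inventory with hypothetical hostnames and one placeholder CVE.

```python
from dataclasses import dataclass

# CVEs named in the joint ACSC/NCSC/CISA/FBI advisory summarised above.
KNOWN_EXPLOITED = {
    "CVE-2019-19781", "CVE-2019-11510", "CVE-2018-13379", "CVE-2020-5902",
    "CVE-2020-15505", "CVE-2020-0688", "CVE-2019-3396", "CVE-2017-11882",
    "CVE-2019-11580", "CVE-2018-7600", "CVE-2019-18935", "CVE-2019-0604",
    "CVE-2020-0787", "CVE-2020-1472",
    "CVE-2021-26855", "CVE-2021-26857", "CVE-2021-26858", "CVE-2021-27065",
    "CVE-2021-22893", "CVE-2021-22894", "CVE-2021-22899", "CVE-2021-22900",
    "CVE-2021-27101", "CVE-2021-27102", "CVE-2021-27103", "CVE-2021-27104",
    "CVE-2021-21985", "CVE-2020-12812", "CVE-2019-5591",
}

@dataclass(frozen=True)
class Finding:
    host: str
    cve: str
    internet_facing: bool
    patch_available: bool

def priority(f: Finding) -> int:
    """Lower is more urgent. Mirrors the advisory's ordering: known-exploited
    CVEs first, then the widest attacker reach (internet-facing), then the rest."""
    score = 0
    if f.cve not in KNOWN_EXPLOITED:
        score += 2
    if not f.internet_facing:
        score += 1
    return score

def action(f: Finding) -> str:
    """Patch when a fix exists; otherwise fall back to a vendor workaround/mitigation."""
    return "patch" if f.patch_available else "apply vendor workaround/mitigation"

def plan(findings):
    """Return (host, cve, action) tuples in the order remediation should proceed."""
    ordered = sorted(findings, key=lambda f: (priority(f), f.host, f.cve))
    return [(f.host, f.cve, action(f)) for f in ordered]

# Constructed sample inventory: hypothetical hosts, not from the advisory.
SAMPLE = [
    Finding("intranet-wiki", "CVE-2019-3396", internet_facing=False, patch_available=True),
    Finding("hr-app", "CVE-2099-0001", internet_facing=True, patch_available=True),  # placeholder CVE, not on the list
    Finding("vpn-gw", "CVE-2018-13379", internet_facing=True, patch_available=False),
    Finding("mail-edge", "CVE-2021-26855", internet_facing=True, patch_available=True),
]

if __name__ == "__main__":
    for row in plan(SAMPLE):
        print(*row)
```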