Top Routinely Exploited Vulnerabilities for 2021

The annual list of the top routinely exploited vulnerabilities released by CISA is a sobering reminder to software developers that old flaws remain a viable attack vector, and that they require far less technical expertise to exploit than a brand-new zero-day vulnerability. Moreover, most of these flaws have publicly available exploit code. Those that are easy to exploit deserve to be moved to the top of the patch list.

The CISA advisory, released in collaboration with the Federal Bureau of Investigation and several other organizations, outlines the top exploited CVEs for 2021. While some threat actors continue to exploit old vulnerabilities, newer ones are becoming the most popular. Organizations should therefore patch their current vulnerabilities and stay one step ahead of attackers. The advisory states that these exploits are still widespread, but organizations must be aware that threat actors can rapidly discover new vulnerabilities and update their tooling.

CVE-2018-11882, which affects Microsoft Office, is another routinely exploited vulnerability. It allows unauthenticated attackers to download FortiProxy system files. To exploit this vulnerability, a malicious actor sends specially crafted HTTP resource requests. Threat actors have already used this vulnerability to spread ransomware and steal sensitive data. Fortunately, Check Point’s Quantum Intrusion Prevention System (IPS) and Next Generation Firewall automatically update to patch the vulnerability.

The top 15 CVEs for 2021 were recently published by the Cybersecurity and Infrastructure Security Agency. They include vulnerabilities that affect Windows systems, software, and networking equipment. Microsoft has also issued a new advisory, CVE-2020-1472, which details the top 15 CVEs for 2021. This advisory also lists other CVEs that are often exploited, along with recommended mitigations. Applying these patches will help prevent further compromise by malicious cyber actors.

Another vulnerability that made the top list this year is Log4Shell. First discovered in 2021, this flaw allows a malicious user to execute arbitrary code in a web application. Because the vulnerable library is so widespread in web applications, many organizations were shocked to discover how much of their software depended on Log4j. The result? A large number of data breaches. Many organizations have still not properly patched this vulnerability, and there is a pressing need for thorough patching of web applications.
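The first step in the patching effort the paragraph calls for is knowing where Log4j actually sits in your dependency trees. The script below is an added example, not code from the original article or from CISA or Apache: it parses the text that `mvn dependency:tree` prints, picks out every `log4j-core` artifact (including transitive ones pulled in by other libraries), and flags any Log4j 2.x version older than a configurable threshold. The sample tree is constructed, and the default threshold of 2.17.1 is the Log4j 2.x release Apache shipped at the end of the Log4Shell series of fixes; confirm the current value against the vendor advisory before relying on it.

```python
"""Inventory log4j-core versions from `mvn dependency:tree` output.

Added example for this article; the sample tree is constructed and the
version threshold is a parameter to be set from the current vendor advisory.
"""
import re
from dataclasses import dataclass

# Constructed sample in the text format `mvn dependency:tree` prints.
# Note the vulnerable copy hidden two levels down under a third-party library.
SAMPLE_TREE = """\
[INFO] com.example:webapp:war:1.0.0
[INFO] +- org.springframework:spring-webmvc:jar:5.3.9:compile
[INFO] |  \\- org.apache.logging.log4j:log4j-core:jar:2.14.1:compile
[INFO] +- org.apache.logging.log4j:log4j-api:jar:2.14.1:compile
[INFO] +- com.example:legacy-lib:jar:3.2.0:compile
[INFO] |  \\- org.apache.logging.log4j:log4j-core:jar:2.0-beta9:runtime
[INFO] \\- org.apache.logging.log4j:log4j-core:jar:2.17.1:test
"""

# Maven coordinate as printed by dependency:tree: group:artifact:type:version:scope
COORD_RE = re.compile(
    r"(?P<group>[\w.\-]+):(?P<artifact>[\w.\-]+):(?P<type>\w+)"
    r":(?P<version>[\w.\-]+):(?P<scope>\w+)"
)

LOG4J_GROUP = "org.apache.logging.log4j"
LOG4J_CORE = "log4j-core"


@dataclass(frozen=True)
class Finding:
    version: str
    scope: str
    vulnerable: bool


def parse_version(version):
    """Return a sortable key for versions like '2.14.1' or '2.0-beta9'.

    Numeric parts are padded to three positions; a pre-release suffix
    makes the key sort below the matching final release.
    """
    base, _, prerelease = version.partition("-")
    nums = tuple(int(p) for p in base.split(".") if p.isdigit())
    nums = (nums + (0, 0, 0))[:3]
    return (nums, 0 if prerelease else 1)


def find_log4j_core(tree_text, min_safe="2.17.1"):
    """Return one Finding per log4j-core occurrence in the tree text.

    Only Log4j 2.x is compared against min_safe; that is the line affected
    by Log4Shell. Any other major version is reported but not marked
    vulnerable, so it can be reviewed separately.
    """
    threshold = parse_version(min_safe)
    findings = []
    for line in tree_text.splitlines():
        match = COORD_RE.search(line)
        if not match:
            continue
        if match["group"] != LOG4J_GROUP or match["artifact"] != LOG4J_CORE:
            continue
        version = match["version"]
        key = parse_version(version)
        vulnerable = key[0][0] == 2 and key < threshold
        findings.append(Finding(version, match["scope"], vulnerable))
    return findings


def summarize(findings):
    """Human-readable lines, vulnerable entries first."""
    ordered = sorted(findings, key=lambda f: not f.vulnerable)
    return [
        f"{'VULNERABLE' if f.vulnerable else 'ok        '} "
        f"log4j-core {f.version} ({f.scope})"
        for f in ordered
    ]


if __name__ == "__main__":
    for line in summarize(find_log4j_core(SAMPLE_TREE)):
        print(line)
```

Run it against real output with `mvn dependency:tree | python this_script.py` after swapping `SAMPLE_TREE` for `sys.stdin.read()`. The scope column matters: a `test`-scoped copy never ships, while a `runtime` copy buried under a legacy library is exactly the dependency organizations did not know they had.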

In addition to these widespread vulnerabilities, a handful of other flaws were also found. Microsoft’s Netlogon Remote Protocol (MS-NRPC) vulnerability was found in March 2021 and is considered one of the most commonly exploited vulnerabilities. According to Fong, these flaws are widespread and allow hackers to access a network without authenticating. A bad actor can also remotely execute commands and steal information from devices.

Identifying and patching the top routinely exploited vulnerabilities can strengthen network security and slow adversaries. The Atlassian Crowd vulnerability, which affects a centralized identity management system, was extensively exploited by nation-state APTs in 2020. Patching this flaw would force these actors to find other ways to gain access to data. Other weaknesses that attackers exploit are weak authentication processes and external-facing devices. Companies should use multi-factor authentication wherever possible to mitigate these weaknesses.