In 2021, the top 15 exploited vulnerabilities – as observed by the US Cybersecurity and Infrastructure Security Agency (CISA), the NSA, the FBI, the Australian Cyber Security Centre, the Canadian Centre for Cyber Security, New Zealand's National Cyber Security Centre and the UK's National Cyber Security Centre – led to code execution across a range of products and gave IT admins only a short window to get their house in order.
“For most of the most exploited vulnerabilities, researchers or other actors released a proof of concept within two weeks of the vulnerability disclosure, which likely made it easier for more malicious actors to exploit them,” the agencies said in an alert.
Top of the list is the flaw in the Apache Log4j Java logging library, also known as Log4Shell, which was disclosed in December.
“The rapid and widespread exploitation of this vulnerability demonstrates the ability of malicious actors to rapidly exploit known vulnerabilities and target organizations before they apply patches,” the alert reads.
It is followed by CVE-2021-40539, a remote code execution flaw in Zoho ManageEngine, and seven vulnerabilities in Exchange, known as ProxyShell and ProxyLogon.
Next on the list is CVE-2021-26084 in Atlassian Confluence, which US Cybercom warned was under massive exploitation in September. In this case, the agencies said, the exploit code was released a week after the vulnerability was leaked.
The last 2021 vulnerability on the list is CVE-2021-21972, which affects VMware vSphere.
Older faults also have their place
The list is completed by a quartet of vulnerabilities that were discovered over a year ago, namely CVE-2020-1472 in Microsoft Netlogon, also called Zerologon, CVE-2020-0688 in Exchange, CVE-2019-11510 in Pulse Connect Secure and CVE-2018-13379 affecting two Fortinet products, FortiOS and FortiProxy.
A secondary list of 15 other CVEs has also been released, and includes flaws in Accellion FTA, additional remote code execution flaws in VMware vCenter, and those affecting the Windows Print Spooler.
To mitigate these vulnerabilities, the agencies reiterated their advice on applying patches in a timely manner, having a centralized patch management system, and switching to cloud or managed service providers if rapid scanning and patching is not considered feasible. The guidance adds that organizations should apply multi-factor authentication to all users without exception, especially for VPN connections, as well as regularly reviewing privileged accounts at least once a year and adopting the principle of least privilege.
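The privileged-account review the guidance calls for is easy to describe and easy to let slide. As an added illustration (not from the agencies' alert or this article), the Python below performs the kind of check a Linux host review would start with: it parses constructed sample copies of /etc/passwd, /etc/group and a sudoers file and reports every extra UID-0 account, every member of an administrative group, and every sudo rule that is unrestricted or passwordless. The group names and the sample accounts are assumptions made for the example.

```python
"""Enumerate privileged local accounts from passwd, group and sudoers text.

Added example: a starting point for the periodic privileged-account review.
The sample data below is constructed for illustration only.
"""
import re

# Assumption: these group names confer administrative rights on the host.
PRIVILEGED_GROUPS = {"root", "wheel", "sudo", "admin"}

# Constructed sample files (not from any real system).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
backup-svc:x:0:0:legacy backup:/var/backup:/bin/sh
"""
SAMPLE_GROUP = """\
root:x:0:
wheel:x:10:alice
sudo:x:27:alice,bob
users:x:100:
"""
SAMPLE_SUDOERS = """\
# constructed sample sudoers
root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL
bob ALL=(ALL) NOPASSWD: ALL
"""

# Matches an unrestricted rule such as "ALL=(ALL) ALL" or "ALL=(ALL:ALL) ALL".
SUDO_ALL_RE = re.compile(r"\bALL\s*=\s*\(ALL(?::ALL)?\)\s*ALL\b")


def parse_passwd(text):
    """Return {username: {uid, gid, shell}} from passwd-format text."""
    users = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7:
            continue  # malformed line; skip rather than guess
        name, _pw, uid, gid, _gecos, _home, shell = fields[:7]
        users[name] = {"uid": int(uid), "gid": int(gid), "shell": shell}
    return users


def parse_group(text):
    """Return {groupname: {gid, members}} from group-format text."""
    groups = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 4:
            continue
        name, _pw, gid, members = fields[:4]
        groups[name] = {"gid": int(gid),
                        "members": {m for m in members.split(",") if m}}
    return groups


def audit(passwd_text, group_text, sudoers_text):
    """Return a list of (finding_type, subject) tuples for review."""
    users = parse_passwd(passwd_text)
    groups = parse_group(group_text)
    findings = []

    # 1. Any UID-0 account other than root is a second root account.
    for name, u in users.items():
        if u["uid"] == 0 and name != "root":
            findings.append(("uid0", name))

    # 2. Members of privileged groups, by explicit membership or primary GID.
    privileged = set()
    for gname, g in groups.items():
        if gname in PRIVILEGED_GROUPS:
            privileged |= g["members"]
            privileged |= {n for n, u in users.items() if u["gid"] == g["gid"]}
    privileged.discard("root")  # root is expected; list everyone else
    for name in sorted(privileged):
        findings.append(("privileged_group", name))

    # 3. Sudo rules that are passwordless or grant everything.
    for line in sudoers_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        if "NOPASSWD" in line:
            findings.append(("sudo_nopasswd", line))
        elif SUDO_ALL_RE.search(line):
            findings.append(("sudo_all", line))
    return findings


if __name__ == "__main__":
    for kind, subject in audit(SAMPLE_PASSWD, SAMPLE_GROUP, SAMPLE_SUDOERS):
        print(f"{kind:17s} {subject}")
```

Run on a real host, the inputs would come from the files themselves (and sudoers.d fragments, which this example does not read); each finding is then a question for the review, such as why a backup service account needs UID 0 or why a user holds passwordless sudo, which is exactly where least privilege is reclaimed.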