Cybersecurity agencies from the United States, United Kingdom, Australia, Canada and New Zealand have published the top 12 routinely exploited vulnerabilities in 2022.
In 2022, bad actors more frequently exploited older software vulnerabilities on unpatched, internet-facing systems, as compared to recently disclosed vulnerabilities.
Report Summary
The new CISA joint Cybersecurity Advisory (CSA) outlines the 12 most exploited CVEs that impact Apache (Log4Shell), Atlassian, F5 Networks (BIG-IP), Fortinet, VMware, Zoho ManageEngine, Microsoft Exchange (ProxyShell) and other Microsoft products.
“Proof of concept (PoC) code was publicly available for many of the software vulnerabilities or vulnerability chains, likely facilitating exploitation by a broader range of malicious cyber actors,” the report added.
The following cybersecurity agencies contributed to the report (AA23-215A), published August 4, 2023:
- United States: The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI)
- Australia: Australian Signals Directorate’s Australian Cyber Security Centre (ACSC)
- Canada: Canadian Centre for Cyber Security (CCCS)
- New Zealand: New Zealand National Cyber Security Centre (NCSC-NZ) and Computer Emergency Response Team New Zealand (CERT NZ)
- United Kingdom: National Cyber Security Centre (NCSC-UK).
Log4Shell
In late December 2021, The Apache Software Foundation released a security update to address another Log4j vulnerability (CVE-2021-44228), aka “Log4Shell”, where Log4j2 is vulnerable to remote code execution (RCE) via JDBC Appender when an attacker controls a configuration file.
It was later found that the fix for CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. A further Apache update, tracked as CVE-2021-45046, was therefore released to fix the issue for those non-default configurations.
ProxyShell
In August 2021, cyberattackers were observed scanning for and exploiting ProxyShell vulnerabilities on unpatched Microsoft Exchange servers.
The ProxyShell vulnerabilities (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) were patched by Microsoft as part of its May 2021 security updates. One of those, CVE-2021-34473, could result in remote code execution (RCE).
Other exploited CVEs
Moreover, the advisory lists the following eight additional most exploited CVEs:
- CVE-2021-26084: Atlassian Confluence Server and Data Center (Arbitrary Code Execution)
- CVE-2022-26134: Atlassian Confluence Server and Data Center (RCE)
- CVE-2022-1388: F5 Networks BIG-IP (Missing Authentication)
- CVE-2018-13379: Fortinet FortiOS and FortiProxy (SSL VPN credential exposure)
- CVE-2022-30190: Microsoft Multiple Products (RCE)
- CVE-2022-22954: VMware Workspace ONE Access and Identity Manager (RCE)
- CVE-2022-22960: VMware Workspace ONE Access, Identity Manager, and vRealize Automation (Improper Privilege Management)
- CVE-2021-40539: Zoho ManageEngine ADSelfService Plus (RCE).
Readers can find more details on these vulnerabilities in our previous articles, published at the links below.
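As an added example, not part of the article or of the advisory itself, the following Python script shows one way a defender can act on the list above: it cross-references vulnerability-scanner findings against the twelve CVEs named here (Log4Shell, the three ProxyShell CVEs and the eight in the list) and against a KEV-style catalogue, then ranks unpatched findings by internet exposure and by the age of the CVE, which makes the advisory's point about older vulnerabilities on internet-facing systems visible in one's own estate. The JSON field names (cveID, vendorProject, product, dateAdded) are those of CISA's public Known Exploited Vulnerabilities feed; the catalogue entries, the hosts, the findings and the two zero-padded placeholder CVE identifiers are constructed for the example, and the helper names are our own.

```python
"""Rank scanner findings against the twelve CVEs of advisory AA23-215A.

Added example; inputs below are constructed, not real scan or catalogue data.
"""
import json
import re
from dataclasses import dataclass

# The twelve CVEs the article lists from AA23-215A.
AA23_215A_TOP12 = frozenset({
    "CVE-2021-44228",                                      # Apache Log4j (Log4Shell)
    "CVE-2021-34473", "CVE-2021-34523", "CVE-2021-31207",  # Microsoft Exchange (ProxyShell)
    "CVE-2021-26084", "CVE-2022-26134",                    # Atlassian Confluence
    "CVE-2022-1388",                                       # F5 BIG-IP
    "CVE-2018-13379",                                      # Fortinet FortiOS / FortiProxy
    "CVE-2022-30190",                                      # Microsoft, multiple products
    "CVE-2022-22954", "CVE-2022-22960",                    # VMware Workspace ONE Access
    "CVE-2021-40539",                                      # Zoho ManageEngine ADSelfService Plus
})

CVE_RE = re.compile(r"^CVE-(\d{4})-\d{4,}$")

# Constructed KEV-style snippet using the field names of CISA's KEV JSON feed.
# Dates are placeholders; CVE-2020-00000 is a made-up ID standing in for a
# catalogued CVE that is outside the advisory's top 12.
KEV_SAMPLE = json.dumps({
    "vulnerabilities": [
        {"cveID": "CVE-2021-44228", "vendorProject": "Apache", "product": "Log4j2", "dateAdded": "PLACEHOLDER"},
        {"cveID": "CVE-2018-13379", "vendorProject": "Fortinet", "product": "FortiOS", "dateAdded": "PLACEHOLDER"},
        {"cveID": "CVE-2022-1388", "vendorProject": "F5", "product": "BIG-IP", "dateAdded": "PLACEHOLDER"},
        {"cveID": "CVE-2020-00000", "vendorProject": "ExampleVendor", "product": "ExampleProduct", "dateAdded": "PLACEHOLDER"},
    ]
})


@dataclass(frozen=True)
class Finding:
    host: str
    cve: str
    internet_facing: bool
    patched: bool = False


# Constructed scanner output for a handful of hosts (hostnames are invented).
FINDINGS = [
    Finding("vpn-edge-01", "CVE-2018-13379", internet_facing=True),
    Finding("mail-01", "CVE-2021-34473", internet_facing=True),
    Finding("mail-01", "CVE-2021-31207", internet_facing=True, patched=True),
    Finding("wiki-int", "CVE-2022-26134", internet_facing=False),
    Finding("build-07", "CVE-2021-44228", internet_facing=False),
    Finding("lb-02", "CVE-2020-00000", internet_facing=True),
    Finding("lab-pc", "CVE-2019-00000", internet_facing=False),  # placeholder, in neither list
]


def load_kev_ids(kev_json: str) -> frozenset:
    """Return the set of CVE IDs present in a KEV-format JSON document."""
    data = json.loads(kev_json)
    return frozenset(v["cveID"] for v in data.get("vulnerabilities", []))


def cve_age(cve: str, as_of_year: int = 2022) -> int:
    """Years between the CVE's assignment year and the reporting year (2022 here)."""
    m = CVE_RE.match(cve)
    if not m:
        raise ValueError(f"not a CVE identifier: {cve!r}")
    return as_of_year - int(m.group(1))


def tier(finding: Finding, kev_ids: frozenset) -> int:
    """1: top-12 and exposed; 2: top-12 internal or KEV exposed; 3: KEV internal; 4: other."""
    in_top12 = finding.cve in AA23_215A_TOP12
    in_kev = finding.cve in kev_ids
    if in_top12 and finding.internet_facing:
        return 1
    if in_top12 or (in_kev and finding.internet_facing):
        return 2
    if in_kev:
        return 3
    return 4


def prioritise(findings, kev_json: str):
    """Unpatched findings ordered by tier, then by CVE age (oldest first), then host."""
    kev_ids = load_kev_ids(kev_json)
    rows = [
        {"host": f.host, "cve": f.cve, "tier": tier(f, kev_ids),
         "age_years": cve_age(f.cve), "internet_facing": f.internet_facing}
        for f in findings if not f.patched
    ]
    return sorted(rows, key=lambda r: (r["tier"], -r["age_years"], r["host"]))


if __name__ == "__main__":
    for row in prioritise(FINDINGS, KEV_SAMPLE):
        print(f'tier {row["tier"]}  {row["host"]:12} {row["cve"]:16} '
              f'age={row["age_years"]}y exposed={row["internet_facing"]}')
```

The tiering deliberately puts a four-year-old, internet-facing FortiOS finding ahead of a newer Exchange one: the advisory's observation is that age does not make a flaw safe once exploit code circulates, so the ranking treats an old, exposed entry on the list as the most urgent item. Patched findings are dropped before ranking, and a CVE that appears in the catalogue but not in the top 12 still outranks anything unlisted.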
Related Articles
- Top CVEs targeted by PRC state-sponsored cyber actors
- Researchers discover Critical RCE 0-day “Log4Shell” vulnerability (CVE-2021-44228) in Apache Log4j logging utility (update)
- Cyberattackers exploiting ProxyShell vulnerabilities
- Atlassian Confluence Server and Data Center vulnerability (CVE-2021-26084) exploits in the wild
- Atlassian fixes Critical Confluence RCE vulnerability (CVE-2022-26134) exploited in the wild
- Attackers could exploit Critical F5 BIG-IP vulnerability to execute arbitrary commands
- FBI and CISA warn of Fortinet FortiOS vulnerability exploits
- Microsoft exposes and disables Polonium activity targeting Israeli organizations
- VMware releases Critical security updates (updated with known exploits for CVE-2022-22954)
- Attackers exploit ZOHO ManageEngine ADSelfService Plus software