NCSC, CISA, and ACSC release list of 30 most-exploited vulnerabilities

The UK, the US, and Australia have together published a list of the top thirty vulnerabilities and exposures that are routinely exploited by cyber criminals to target organisations worldwide.

The list of vulnerabilities, including remote code execution, elevation of privilege, and arbitrary code execution vulnerabilities, was published this Wednesday by GCHQ’s National Cyber Security Centre, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), and the U.S. Federal Bureau of Investigation (FBI).

These vulnerabilities affect widely-used devices and software owned and sold by well-known companies, such as Microsoft, Citrix, Fortinet, Drupal, Atlassian, F5, and Pulse. This year, cyber criminals also targeted vulnerabilities in perimeter-type devices offered by the likes of Accellion, VMware, and Fortinet.

Even though security patches are available for all of these vulnerabilities, cyber attacks continue to succeed as many organisations fail to patch their devices and networks quickly enough. “Four of the most targeted vulnerabilities in 2020 affected remote work, VPNs, or cloud-based technologies. Many VPN gateway devices remained unpatched during 2020, with the growth of remote work options challenging the ability of organisations to conduct rigorous patch management,” the joint advisory noted.

Here are the top thirty vulnerabilities identified by the agencies as the most-exploited ones since 2020:

| No. | Product | Vendor | CVE | Severity | Type |
|---|---|---|---|---|---|
| 1 | Netscaler Directory Traversal | Citrix | CVE-2019-19781 | Critical | Remote code execution |
| 2 | Pulse Secure Connect VPN | Pulse | CVE-2019-11510 | Critical | Arbitrary file reading |
| 3 | FortiOS Secure Socket Layer VPN | Fortinet | CVE-2018-13379 | Critical | Path traversal |
| 4 | Big IP Traffic Management User Interface | F5 - Big IP | CVE-2020-5902 | Critical | Remote code execution |
| 5 | MobileIron Core & Connector | MobileIron | CVE-2020-15505 | Critical | Remote code execution |
| 6 | Microsoft Exchange Memory Corruption | Microsoft | CVE-2020-0688 | High | Remote code execution |
| 7 | Atlassian Confluence Server and Data Center Widget Connector | Atlassian | CVE-2019-3396 | Critical | Server-side template injection |
| 8 | Microsoft Office | Microsoft | CVE-2017-11882 | High | Arbitrary code execution |
| 9 | Atlassian Crowd and Crowd Data Center | Atlassian | CVE-2019-11580 | Critical | Remote code execution |
| 10 | Drupal versions before 7.58 | Drupal | CVE-2018-7600 | Critical | Arbitrary code execution |
| 11 | Telerik User Interface (UI) for ASP.NET | Telerik | CVE-2019-18935 | Critical | Remote code execution |
| 12 | Microsoft SharePoint | Microsoft | CVE-2019-0604 | Critical | Arbitrary code execution |
| 13 | Windows Background Intelligent Transfer Service (BITS) | Microsoft | CVE-2020-0787 | High | Arbitrary code execution |
| 14 | Windows Netlogon Remote Protocol (MS-NRPC) | Microsoft | CVE-2020-1472 | Critical | Domain Impersonation |
| 15 | Microsoft Exchange | Microsoft | CVE-2021-26855 | Critical | Remote code execution |
| 16 | Microsoft Exchange | Microsoft | CVE-2021-26857 | High | Remote code execution |
| 17 | Microsoft Exchange | Microsoft | CVE-2021-26858 | High | Remote code execution |
| 18 | Microsoft Exchange | Microsoft | CVE-2021-27065 | High | Remote code execution |
| 19 | Pulse Connect Secure VPN | Pulse | CVE-2021-22893 | Critical | Authentication bypass |
| 20 | Pulse Connect Secure VPN | Pulse | CVE-2021-22894 | High | Buffer overflow vulnerability |
| 21 | Pulse Connect Secure VPN | Pulse | CVE-2021-22899 | Critical | Remote code execution |
| 22 | Pulse Connect Secure VPN | Pulse | CVE-2021-22900 | High | Unrestricted uploads |
| 23 | Accellion File Transfer Appliance | Accellion | CVE-2021-27101 | Critical | SQL injection |
| 24 | Accellion File Transfer Appliance | Accellion | CVE-2021-27102 | High | Command execution |
| 25 | Accellion File Transfer Appliance | Accellion | CVE-2021-27103 | Critical | SSRF via a crafted POST |
| 26 | Accellion File Transfer Appliance | Accellion | CVE-2021-27104 | Critical | Command execution |
| 27 | VMware vCenter Software | VMware | CVE-2021-21985 | Critical | Remote code execution |
| 28 | Fortinet FortiOS | Fortinet | CVE-2018-13379 | Critical | Path traversal |
| 29 | Fortinet FortiOS | Fortinet | CVE-2020-12812 | Critical | Improper authentication |
| 30 | Fortinet FortiOS | Fortinet | CVE-2019-5591 | High | LDAP server impersonation |

Commenting on the list of the most-exploited vulnerabilities released this week, Jason Garbis, Chief Product Officer at Appgate, says that it’s unsurprising to see VPN vulnerabilities listed in the NCSC joint advisory among the most targeted of 2020 and 2021.

“VPN appliances have always been a security concern, and in the past year, these concerns have escalated. The COVID-19 pandemic dramatically increased VPN usage, with more employees having access to it and more systems newly exposed to remote access. Attackers are aware of that, so we have naturally observed an increase in attacks on VPNs.  

“Organisations need to recognise that VPNs are remote access tools, not information security tools. They need to shift to a Zero Trust approach where all network resources (including remote access entry points) are hidden from unauthorised users, multi-factor authentication is enforced, and limiting user access to what a person needs to do their job is used across the company.

“We recommend replacing legacy VPNs with a Software-Defined Perimeter. This allows organisations to implement strong security policies for each system the employee tries to access, have different requirements depending on the employee’s role, the device used, and the system needed, and limits access to only what is needed to perform a job function,” he adds.

Copyright Lyonsdown Limited 2021
