A Cyber Security Advisory released jointly by CISA, ACSC, NCSC and the FBI details the top routinely exploited vulnerabilities.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom's National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI) have jointly released a Cyber Security Advisory. It details the top 30 vulnerabilities: those routinely exploited by cyber actors in 2020, and those being widely exploited so far in 2021.

List of Top Routinely Exploited Vulnerabilities in 2020

Below is the list of the 14 vulnerabilities most regularly exploited by cyber actors during 2020:

| Name of Vendor | CVE ID | Type of Vulnerability | Patch Status |
|---|---|---|---|
| Citrix | CVE-2019-19781 | Arbitrary Code Execution | Patch is available |
| Pulse | CVE-2019-11510 | Arbitrary File Reading | Patch is available |
| Fortinet | CVE-2018-13379 | Path Traversal | Patch is available |
| F5 Big-IP | CVE-2020-5902 | Remote Code Execution (RCE) | Updated secure version is available |
| MobileIron | CVE-2020-15505 | Remote Code Execution (RCE) | Patch is available |
| Microsoft | CVE-2020-0688 | Remote Code Execution (RCE) | Patch is available |
| Atlassian | CVE-2019-3396 | Path Traversal | Patch is available |
| Microsoft | CVE-2017-11882 | Remote Code Execution (RCE) | Patch is available |
| Atlassian | CVE-2019-11580 | Remote Code Execution (RCE) | Patch is available |
| Drupal | CVE-2018-7600 | Remote Code Execution (RCE) | Patch is available |
| Telerik | CVE-2019-18935 | Remote Code Execution (RCE) | Patch is available |
| Microsoft | CVE-2019-0604 | Remote Code Execution (RCE) | Patch is available |
| Microsoft | CVE-2020-0787 | Privilege Escalation | Patch is available |
| Microsoft | CVE-2020-1472 | Privilege Escalation | Patch is available |

List of Top Routinely Exploited Vulnerabilities and Patch status for 2020

The majority of the top vulnerabilities targeted in 2020 were disclosed during the past two years. Malicious cyber actors will also most likely continue to use older known vulnerabilities affecting Microsoft Office, such as CVE-2017-11882, for as long as they remain effective and systems remain unpatched.

This is not a surprise: adversaries' use of known vulnerabilities complicates attribution, reduces costs, and minimizes risk, because they are not investing in a zero-day exploit for their exclusive use, which they risk losing once it becomes known. Needless to say, systems left unpatched against these vulnerabilities are also attacked by nation-state APTs.

List of Top Widely being Exploited Vulnerabilities in 2021

Now let us look at the list of the 16 vulnerabilities most widely exploited by cyber actors during 2021:

| Name of Vendor | CVE ID | Type of Vulnerability | Patch Status |
|---|---|---|---|
| Microsoft | CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065 | Remote Code Execution (RCE) | Patch is available for all |
| Pulse | CVE-2021-22893, CVE-2021-22894, CVE-2021-22899, CVE-2021-22900 | Authentication Bypass; Remote Code Execution (RCE); Command Injection; Code Injection | Patch is available for all |
| Accellion | CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104 | SQL Injection; OS Command Injection; Server-Side Request Forgery (SSRF); OS Command Injection | Patch is available for all |
| VMware | CVE-2021-21985 | Improper Input Validation | Patch is available |
| Fortinet | CVE-2018-13379, CVE-2020-12812, CVE-2019-5591 | Path Traversal; Improper Authentication; Missing Authentication for Critical Function | Patch is available for all |

List of Top Widely being Exploited CVEs and Patch status for 2021

What should you do?

Specific to these top routinely exploited vulnerabilities, organizations are encouraged to:

  • Apply patches and update systems as quickly as possible. A patch is available for all of these top 30 vulnerabilities.
  • Search for the presence of indicators of compromise (IoCs). We advise performing this search whether systems have been patched or cannot be patched, since a patch does not remove an attacker who got in before it was applied.
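Turning a list like this into patching priorities usually starts with pulling the CVE IDs out of the advisory text and matching them against what a vulnerability scanner already reports. The script below is an added example, not part of the advisory or of this post: it normalises the inconsistently written IDs (the page itself mixes "CVE 2019-11510" and "CVE-2019-11510"), de-duplicates entries that appear in both years (CVE-2018-13379 does), and then flags scanner findings that match, internet-facing hosts first. The advisory excerpt, the host names and the scanner export format are all constructed for the example; the CVE-2099-00001 entry is a deliberately fake placeholder standing in for a finding that is not on the list.

```python
import re

# Constructed excerpt of the advisory text, reproducing the mixed spellings
# ("CVE 2019-11510" vs "CVE-2019-11510") found on the page.
ADVISORY_TEXT = """
Citrix CVE-2019-19781 Arbitrary Code Execution
Pulse CVE 2019-11510 Arbitrary File Reading
Pulse CVE-2021-22893 Authentication Bypass
Fortinet CVE 2018-13379 Path Traversal
F5 Big-IP CVE 2020-5902 Remote Code Execution
Microsoft CVE-2020-1472 Privilege Escalation
Fortinet CVE-2018-13379 CVE-2020-12812 CVE-2019-5591
Microsoft CVE-2021-26855 CVE-2021-26857 CVE-2021-26858 CVE-2021-27065
"""

# Accept a hyphen, a space or nothing between "CVE" and the year, in any case.
CVE_PATTERN = re.compile(r"\bCVE[-\s]?(\d{4})-(\d{4,7})\b", re.IGNORECASE)


def extract_cves(text):
    """Return the set of canonical CVE-YYYY-NNNN ids found in free text."""
    return {f"CVE-{year}-{num}" for year, num in CVE_PATTERN.findall(text)}


# Constructed scanner export: one finding per host and CVE. Hosts are fictional
# and CVE-2099-00001 is a placeholder for a finding not on the exploited list.
SCANNER_FINDINGS = [
    {"host": "vpn-1.example.test", "cve": "cve-2019-11510", "internet_facing": True},
    {"host": "vpn-1.example.test", "cve": "CVE-2021-22893", "internet_facing": True},
    {"host": "dc-1.example.test", "cve": "CVE-2020-1472", "internet_facing": False},
    {"host": "fw-2.example.test", "cve": "CVE 2018-13379", "internet_facing": True},
    {"host": "web-3.example.test", "cve": "CVE-2099-00001", "internet_facing": True},
]


def prioritize(findings, exploited):
    """Keep only findings whose CVE is on the exploited list and return them
    with canonical ids, internet-facing hosts first, then by host and CVE."""
    hits = []
    for finding in findings:
        ids = extract_cves(finding["cve"])
        if len(ids) != 1:
            continue  # malformed or ambiguous id in the export: skip, don't guess
        cve = ids.pop()
        if cve in exploited:
            hits.append({**finding, "cve": cve})
    return sorted(hits, key=lambda f: (not f["internet_facing"], f["host"], f["cve"]))


if __name__ == "__main__":
    exploited = extract_cves(ADVISORY_TEXT)
    print(f"{len(exploited)} distinct CVEs on the exploited list")
    for hit in prioritize(SCANNER_FINDINGS, exploited):
        exposure = "internet-facing" if hit["internet_facing"] else "internal"
        print(f"{hit['host']:22} {hit['cve']:16} {exposure}")
```

The ordering key is deliberate: a routinely exploited bug on an internet-facing VPN or firewall is the one an opportunistic actor reaches first, so it sorts to the top regardless of CVSS score. Feeding the same canonical ID set into an IoC search or EDR query keeps the patch list and the compromise hunt working from one source of truth.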

The full advisory is available on the Cybersecurity & Infrastructure Security Agency website. Watch this space for more updates in the Cyber Security section.