Monday, February 17, 2025
HomeCyber Security NewsCISA Advisory of Top 42 Frequently Exploited Flaws of 2022

CISA Advisory of Top 42 Frequently Exploited Flaws of 2022

Published on

SIEM as a Service

Follow Us on Google News

The Cybersecurity and Infrastructure Security Agency (CISA) has published a report which was co-authored by the NSA, FBI, and the FYEY (Five Eyes) from different countries.

The report provides a complete insight into the Common Vulnerabilities and Exposures (CVEs) that were frequently exploited by threat actors.

As per the report, threat actors have been relying on outdated software vulnerabilities for exploitation instead of those disclosed recently. Systems that were exposed to the internet and left unpatched were mostly targeted.

The Exploitation of Vulnerabilities in 2022

In 2022, threat actors were found to be exploiting known vulnerabilities within two years of their public exposure. Most of the exploited vulnerabilities had Proof-of-concept (PoC) available publicly.

However, timely patching of these vulnerabilities will reduce threat actor operations resulting in the malicious actors switching to a more time-consuming process like a Zero-Day exploit or conducting software supply chain operations).

Top Exploited Vulnerabilities

The most exploited vulnerability of 2022 was CVE-2018-13379 which affected Fortinet SSL VPNs. Moreover, this vulnerability was one of the most exploited in 2020 as well as in 2021.

Many organizations still haven’t patched this vulnerability which gives more space for malicious actors.

Atlassian had two vulnerabilities CVE-2021-26084 (arbitrary code execution) and CVE-2022-26134 (Remote code execution), which were exploited mostly in 2022. Both of these belong to Confluence Server and Data Center.

Microsoft Exchange email servers had three CVEs CVE-2021-34473, CVE-2021-31207, and CVE-2021-34523 which were frequently exploited in 2022. All of these vulnerabilities are known as ProxyShell which can allow a threat actor to execute arbitrary code.

VMware Workspace ONE Access, Identity Manager, and other VMware products had two vulnerabilities CVE-2022-22954 and CVE-2022-22960 which were mostly targeted by threat actors.

These vulnerabilities were RCE, Privilege Escalation, and Authentication.

Furthermore, the CISA has released a list of 42 vulnerabilities that were exploited by threat actors very often and they are yet to be patched by many organisations.

Users of the specified products are recommended to upgrade their products to the latest patched version to avoid exploitation by threat actors.

It is a best practice to keep track of the recent patches and the versions of software that are under use in an organization.

Keep yourself informed about the latest Cyber Security News by following us on GoogleNews, Linkedin, Twitter, and Facebook.

Eswar
Eswar
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Stealthy Malware in WordPress Sites Enables Remote Code Execution by Hackers

Security researchers have uncovered sophisticated malware targeting WordPress websites, leveraging hidden backdoors to enable...

Xerox Printer Vulnerability Exposes Authentication Data Via LDAP and SMB

A critical security vulnerability in Xerox’s Versalink C7025 Multifunction Printer (MFP) has been uncovered,...

New XCSSET Malware Targets macOS Users Through Infected Xcode Projects

Microsoft Threat Intelligence has identified a new variant of the XCSSET macOS malware, marking...

Beware! Fake Outlook Support Calls Leading to Ransomware Attacks

Telekom Security has recently uncovered a significant vishing (voice phishing) campaign targeting individuals and...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Stealthy Malware in WordPress Sites Enables Remote Code Execution by Hackers

Security researchers have uncovered sophisticated malware targeting WordPress websites, leveraging hidden backdoors to enable...

Xerox Printer Vulnerability Exposes Authentication Data Via LDAP and SMB

A critical security vulnerability in Xerox’s Versalink C7025 Multifunction Printer (MFP) has been uncovered,...

New XCSSET Malware Targets macOS Users Through Infected Xcode Projects

Microsoft Threat Intelligence has identified a new variant of the XCSSET macOS malware, marking...