CISA Advisory of Top 42 Frequently Exploited Flaws of 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has published a report which was co-authored by the NSA, FBI, and the FYEY (Five Eyes) from different countries.

The report provides a complete insight into the Common Vulnerabilities and Exposures (CVEs) that were frequently exploited by threat actors.

As per the report, threat actors have been relying on outdated software vulnerabilities for exploitation instead of those disclosed recently. Systems that were exposed to the internet and left unpatched were mostly targeted.

The Exploitation of Vulnerabilities in 2022

In 2022, threat actors were found to be exploiting known vulnerabilities within two years of their public exposure. Most of the exploited vulnerabilities had Proof-of-concept (PoC) available publicly.

However, timely patching of these vulnerabilities will reduce threat actor operations resulting in the malicious actors switching to a more time-consuming process like a Zero-Day exploit or conducting software supply chain operations).

Top Exploited Vulnerabilities

The most exploited vulnerability of 2022 was CVE-2018-13379 which affected Fortinet SSL VPNs. Moreover, this vulnerability was one of the most exploited in 2020 as well as in 2021.

Many organizations still haven’t patched this vulnerability which gives more space for malicious actors.

Atlassian had two vulnerabilities CVE-2021-26084 (arbitrary code execution) and CVE-2022-26134 (Remote code execution), which were exploited mostly in 2022. Both of these belong to Confluence Server and Data Center.

Microsoft Exchange email servers had three CVEs CVE-2021-34473, CVE-2021-31207, and CVE-2021-34523 which were frequently exploited in 2022. All of these vulnerabilities are known as ProxyShell which can allow a threat actor to execute arbitrary code.

VMware Workspace ONE Access, Identity Manager, and other VMware products had two vulnerabilities CVE-2022-22954 and CVE-2022-22960 which were mostly targeted by threat actors.

These vulnerabilities were RCE, Privilege Escalation, and Authentication.

Furthermore, the CISA has released a list of 42 vulnerabilities that were exploited by threat actors very often and they are yet to be patched by many organisations.

Users of the specified products are recommended to upgrade their products to the latest patched version to avoid exploitation by threat actors.

It is a best practice to keep track of the recent patches and the versions of software that are under use in an organization.

Keep yourself informed about the latest Cyber Security News by following us on GoogleNews, Linkedin, Twitter, and Facebook.

Eswar

Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Recent Posts

Critical TP-Link DHCP Vulnerability Let Attackers Execute Arbitrary Code Remotely

A critical security flaw has been uncovered in certain TP-Link routers, potentially allowing malicious actors…

2 days ago

Chinese SilkSpecter Hackers Attacking Black Friday Shoppers

SilkSpecter, a Chinese financially motivated threat actor, launched a sophisticated phishing campaign targeting e-commerce shoppers…

2 days ago

Cybercriminals Launch SEO Poisoning Attack to Lure Shoppers to Fake Online Stores

The research revealed how threat actors exploit SEO poisoning to redirect unsuspecting users to malicious…

2 days ago

Black Basta Ransomware Leveraging Social Engineering For Malware Deployment

Black Basta, a prominent ransomware group, has rapidly gained notoriety since its emergence in 2022…

2 days ago

Critical Laravel Vulnerability CVE-2024-52301 Allows Unauthorized Access

CVE-2024-52301 is a critical vulnerability identified in Laravel, a widely used PHP framework for building…

2 days ago

4M+ WordPress Websites to Attacks, Following Plugin Vulnerability

A critical vulnerability has been discovered in the popular "Really Simple Security" WordPress plugin, formerly…

2 days ago