admin Posted on 6:14 am

The Most Commonly Routinely Exploited Vulnerabilities of 2021

The National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the Canadian Centre for Cyber Security, and the United Kingdom’s National Cyber Security Centre published an advisory on the most commonly exploited vulnerabilities of 2021. While some of these vulnerabilities were fixed as recently as 2017, the authors note that attackers continue to actively exploit older, publicly known vulnerabilities. Patching older vulnerabilities is vitally important, as attackers are discovering new exploits faster than organizations can fix them.

According to the report, the top 15 most routinely exploited vulnerabilities in 2016 and 2017 were the same ones that were publicly disclosed a year earlier. However, many organizations still fail to patch their software and remain vulnerable to known attack vectors. In addition, a joint cybersecurity advisory highlights additional vulnerabilities and mitigation techniques that organizations should be aware of. The list focuses on the most common exploits, including zero-day vulnerabilities and other security issues.

A critical security vulnerability in Apache Log4j was discovered in December 2021. This flaw allows an unauthenticated user to execute arbitrary code. The exploit is widely used in web applications and can be exploited by hackers, even if the application is configured properly. The vulnerability has been in production since August 2021, but many organizations did not immediately take action to address it. The government and other security organizations warned of mass exploitation in September and urged enterprises to patch immediately.

Several other zero-day vulnerabilities are exploitable by attackers. Three of them, the ProxyShell vulnerability and CVE-2018-13379, can be exploited on Microsoft Exchange email servers. These vulnerabilities are based on the ProxyShell protocol, which allows attackers to bypass authentication and execute arbitrary code. In some cases, the attacker can even access email accounts on the affected server. This is an extremely dangerous situation for businesses because it opens the door for hackers and malicious actors.

Another critical vulnerability, CVE-2021-21972, can be abused to access the files on a vulnerable server. The attacker must have network access to port 443 in order to gain elevated privileges. If an attacker has access to port 443 on the targeted system, they can execute malicious code and gain root access to the system. The vulnerability has already led to mass scanning of vulnerable VMware vCenter servers, and proof-of-concept (PoC) code was published online. There is also a mitigation advisory.

Another important vulnerability is CVE-2018-13379, which is a path traversal vulnerability. The exploit can allow a remote, unauthenticated attacker to download FortiProxy system files. The exploit requires specially crafted HTTP resource requests. CVE-2018-13379 has been used by Russian state actors for data theft and ransomware. CISA has issued several advisories regarding this vulnerability. In order to prevent a security breach, companies must immediately patch CVE-2018-13379.
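
As an added illustration (not taken from the advisory or written by the post's author), the following defender-side check flags path traversal attempts in web access logs, including percent-encoded and double-encoded ones. The log lines, paths and function names are constructed for this example and do not reproduce the request used against CVE-2018-13379.

```python
import re
from urllib.parse import parse_qsl, unquote

# Request line of a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
MAX_DECODE_ROUNDS = 3  # assumption: enough to unwrap double/triple encoding

def fully_decode(value):
    """Percent-decode repeatedly until the value stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def escapes_root(value):
    """True if the '..' segments ever climb above the starting directory."""
    depth = 0
    for segment in value.replace("\\", "/").split("/"):
        if segment == "..":
            depth -= 1
            if depth < 0:
                return True
        elif segment not in ("", "."):
            depth += 1
    return False

def is_traversal_attempt(target):
    """Check the path and every query value of a request target."""
    path, _, query = target.partition("?")
    candidates = [path] + [v for _, v in parse_qsl(query, keep_blank_values=True)]
    return any(escapes_root(fully_decode(c)) for c in candidates)

def flag_lines(lines):
    """Return the log lines whose request target attempts a traversal."""
    matches = ((line, REQUEST_RE.search(line)) for line in lines)
    return [line for line, m in matches if m and is_traversal_attempt(m.group("target"))]

# Constructed sample entries (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2022:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2022:10:00:01 +0000] "GET /docs/../index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2022:10:00:02 +0000] "GET /static/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 404 0',
    '198.51.100.7 - - [01/Jan/2022:10:00:03 +0000] "GET /download?file=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1843',
    '198.51.100.7 - - [01/Jan/2022:10:00:04 +0000] "GET /view?page=..%5c..%5cconfig.ini HTTP/1.1" 200 96',
]
```

Calling `flag_lines(SAMPLE_LOG)` returns the last three entries; the second entry contains `..` but stays inside the web root, so it is not flagged. A flagged request that was answered with status 200 deserves priority review, since the server may have returned the file.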
