US, UK, Australia issue joint advisory on today's top exploited vulnerabilities

Cyber-security agencies from Australia, the UK, and the US have published a joint advisory today listing the most exploited security flaws throughout 2020 and 2021.

Joint advisories were published today by the Australian Cyber Security Centre (ACSC), the UK National Cyber Security Centre (NCSC), the US Cybersecurity and Infrastructure Security Agency (CISA), and the US Federal Bureau of Investigation (FBI).

According to the joint advisories, the vulnerabilities span a wide spectrum of products, ranging from VPN appliances to email servers and from network access gateways to web-based enterprise applications and desktop software.

However, the crux of today’s joint advisory is that threat actors have typically exploited recent vulnerabilities, showing their ability to quickly weaponize security flaws once they entered the public domain.

The advisories do not rank vulnerabilities based on their importance but split them into two lists.

The first list is dedicated to the vulnerabilities most exploited through 2020:

CVE-2019-19781 – Citrix Netscaler Directory Traversal
CVE-2019-11510 – Pulse Secure Connect VPN Unauthenticated Arbitrary File Disclosure
CVE-2018-13379 – Fortinet FortiOS Secure Socket Layer VPN Unauthenticated Directory Traversal
CVE-2020-5902 – F5 Big IP Traffic Management User Interface Remote Code Execution
CVE-2020-15505 – MobileIron Core & Connector Remote Code Execution
CVE-2020-0688 – Microsoft Exchange Memory Corruption/Remote Code Execution
CVE-2019-3396 – Atlassian Confluence Server Widget Connector Remote Code Execution
CVE-2017-11882 – Microsoft Office Memory Corruption/Remote Code Execution
CVE-2019-11580 – Atlassian Crowd and Crowd Data Center Remote Code Execution
CVE-2018-7600 – Drupal Core Multiple Remote Code Execution
CVE-2019-18935 – Telerik UI for ASP.NET AJAX Insecure Deserialization
CVE-2019-0604 – Microsoft SharePoint Remote Code Execution
CVE-2020-0787 – Windows Background Intelligent Transfer Service Elevation of Privilege
CVE-2020-1472 – Windows Netlogon Elevation of Privilege

The second list includes vulnerabilities that also came under attack in 2021, grouped by vendor:

Microsoft Exchange: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065
Pulse Secure: CVE-2021-22893, CVE-2021-22894, CVE-2021-22899, and CVE-2021-22900
Accellion: CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104
VMware: CVE-2021-21985
Fortinet: CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591

While ranking vulnerabilities by their popularity among threat actors and the number of attacks would be unrealistic, the agencies hope that the two lists will encourage private companies and government organizations to take notice, search their networks, and patch any devices vulnerable to the bugs listed above.

“Collaboration is a crucial part of CISA’s work and today we partnered with ACSC, NCSC and FBI to highlight cyber vulnerabilities that public and private organisations should prioritise for patching to minimise risk of being exploited by malicious actors,” said CISA Executive Assistant Director for Cybersecurity, Eric Goldstein.