{"id":21775,"date":"2022-04-28T21:12:31","date_gmt":"2022-04-28T21:12:31","guid":{"rendered":"https:\/\/www.esecurityplanet.com\/?p=21775"},"modified":"2022-04-28T21:12:31","modified_gmt":"2022-04-28T21:12:31","slug":"top-exploited-vulnerabilities-2021","status":"publish","type":"post","link":"https:\/\/www.esecurityplanet.com\/threats\/top-exploited-vulnerabilities-2021\/","title":{"rendered":"Cybersecurity Agencies Reveal the Top Exploited Vulnerabilities of 2021"},"content":{"rendered":"

U.S. cybersecurity agencies joined their counterparts around the globe to urge organizations to address the top 15 vulnerabilities<\/a> exploited in 2021.<\/p>\n

Topping the list were the Log4Shell vulnerability<\/a> and Microsoft bugs ProxyShell<\/a> and ProxyLogon<\/a>. Microsoft occupied more than half the list, with Exchange Server accounting for eight of the vulnerabilities. VMware, Atlassian, Pulse Secure and Fortinet rounded out the list.<\/p>\n

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), NSA and FBI joined their “Five Eyes” counterparts in issuing the alert: the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NZ NCSC), and the UK\u2019s National Cyber Security Centre (NCSC UK).<\/p>\n

The advisory entails the top 15 Common Vulnerabilities and Exposures (CVEs) that were routinely exploited by malicious cyber actors in 2021, plus another 21 frequently exploited CVEs. The cybersecurity authorities urged organizations to immediately apply timely patches to their systems and implement a centralized patch management system in order to reduce their attack surface.<\/p>\n

Also read: Best Patch Management Software & Tools<\/a><\/p>\n

Web-Facing Systems at Risk<\/h2>\n

Malicious actors tend to focus on internet-facing systems to gain entry into a network, such as email and virtual private network (VPN)<\/a> servers, using exploits targeting newly disclosed vulnerabilities<\/a>.<\/p>\n

“U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities assess, in 2021, malicious cyber actors aggressively targeted newly disclosed critical software vulnerabilities against broad target sets, including public and private sector organizations worldwide,” said the advisory.<\/p>\n

It could be because of the malicious actors and security researchers releasing proof of concept (POC) exploits within two weeks of the initial disclosure of most of the top exploited bugs in 2021. However, some of the attacks were focused on older vulnerabilities patched years before, indicating that some organizations fail to update their systems even if they detect a patch.<\/p>\n

See the Top Secure Email Gateways<\/a><\/p>\n

Top 15 Routinely Exploited Vulnerabilities<\/h2>\n

The table below shows the top 15 vulnerabilities observed by the US, Australian, Canadian, New Zealand, and UK cybersecurity authorities, linked to National Vulnerability Database entries and associated malware.<\/p>\n

\n\n\n\n\n\n<\/colgroup>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
CVE<\/strong><\/td>\nVulnerability<\/strong><\/td>\nVendor and Product<\/strong><\/td>\nType<\/strong><\/td>\n<\/tr>\n
CVE-2021-44228<\/a><\/td>\nLog4Shell<\/td>\nApache Log4j<\/td>\nRemote code execution (RCE)<\/td>\n<\/tr>\n
CVE-2021-40539<\/a><\/td>\n <\/td>\nZoho ManageEngine AD SelfService Plus<\/td>\nRCE<\/td>\n<\/tr>\n
CVE-2021-34523<\/a><\/td>\nProxyShell<\/td>\nMicrosoft Exchange Server (MES)<\/td>\nElevation of privilege<\/td>\n<\/tr>\n
CVE-2021-34473<\/a><\/td>\nProxyShell<\/td>\nMES<\/td>\nRCE<\/td>\n<\/tr>\n
CVE-2021-31207<\/a><\/td>\nProxyShell<\/td>\nMES<\/td>\nSecurity feature bypass<\/td>\n<\/tr>\n
CVE-2021-27065<\/a><\/td>\nProxyLogon<\/td>\nMES<\/td>\nRCE<\/td>\n<\/tr>\n
CVE-2021-26858<\/a><\/td>\nProxyLogon<\/td>\nMES<\/td>\nRCE<\/td>\n<\/tr>\n
CVE-2021-26857<\/a><\/td>\nProxyLogon<\/td>\nMES<\/td>\nRCE<\/td>\n<\/tr>\n
CVE-2021-26855<\/a><\/td>\nProxyLogon<\/td>\nMES<\/td>\nRCE<\/td>\n<\/tr>\n
CVE-2021-26084<\/a><\/p>\n

 <\/td>\n

 <\/td>\nAtlassian Confluence Server and Data Center<\/td>\nArbitrary code execution<\/td>\n<\/tr>\n
CVE-2021-21972<\/a><\/td>\n <\/td>\nVMware vSphere Client<\/td>\nRCE<\/td>\n<\/tr>\n
CVE-2020-1472<\/a><\/td>\nZeroLogon<\/td>\nMicrosoft Netlogon Remote Protocol (MS-NRPC)<\/td>\nElevation of privilege<\/td>\n<\/tr>\n
CVE-2020-0688<\/a><\/td>\n <\/td>\nMES<\/td>\nRCE<\/td>\n<\/tr>\n
CVE-2019-11510<\/a><\/td>\n <\/td>\nPulse Secure Pulse Connect Secure<\/td>\nArbitrary file reading<\/td>\n<\/tr>\n
CVE-2018-13379<\/a><\/td>\n <\/td>\nFortinet FortiOS and FortiProxy<\/td>\nPath traversal<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n

Other Routinely Exploited Vulnerabilities<\/h2>\n

In addition to the 15 vulnerabilities listed in the table above, the alert also listed 21 additional security vulnerabilities identified by the cybersecurity agencies that were routinely exploited by malicious cyber actors in 2021.<\/p>\n

It includes multiple vulnerabilities that affect internet-facing systems, including Accellion File Transfer Appliance (FTA), Pulse Secure Pulse Connect Secure, and Windows Print Spooler<\/a>. Three of these vulnerabilities \u2014 CVE-2019-19781, CVE-2019-18935, and CVE-2017-11882 \u2014 were also routinely exploited in 2020<\/a>.<\/p>\n

\n\n\n\n\n<\/colgroup>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
CVE<\/strong><\/td>\nVendor and Product<\/strong><\/td>\nType<\/strong><\/td>\n<\/tr>\n
CVE-2021-42237<\/a><\/td>\nSitecore XP<\/td>\nRCE<\/td>\n<\/tr>\n
CVE-2021-35464<\/a><\/td>\nForgeRock OpenAM server<\/td>\nRCE<\/td>\n<\/tr>\n
CVE-2021-27104<\/a><\/td>\nAccellion FTA<\/td>\nOS command execution<\/td>\n<\/tr>\n
CVE-2021-27103<\/a><\/td>\nAccellion FTA<\/td>\nServer-side request forgery<\/td>\n<\/tr>\n
CVE-2021-27102<\/a><\/td>\nAccellion FTA<\/td>\nOS command execution<\/td>\n<\/tr>\n
CVE-2021-27101<\/a><\/td>\nAccellion FTA<\/td>\nSQL injection<\/td>\n<\/tr>\n
CVE-2021-21985<\/a><\/td>\nVMware vCenter Server<\/td>\nRCE<\/td>\n<\/tr>\n
CVE-2021-20038<\/a><\/td>\nSonicWall Secure Mobile Access (SMA)<\/td>\nRCE<\/td>\n<\/tr>\n
CVE-2021-40444<\/a><\/td>\nMicrosoft MSHTML<\/td>\nRCE<\/td>\n<\/tr>\n
CVE-2021-34527<\/a><\/td>\nMicrosoft Windows Print Spooler<\/td>\nRCE<\/td>\n<\/tr>\n
CVE-2021-3156<\/a><\/td>\nSudo<\/td>\nPrivilege escalation<\/td>\n<\/tr>\n
CVE-2021-27852<\/a><\/td>\nCheckbox Survey<\/td>\nRemote arbitrary code execution<\/td>\n<\/tr>\n
CVE-2021-22893<\/a><\/td>\nPulse Secure Pulse Connect Secure<\/td>\nRemote arbitrary code execution<\/td>\n<\/tr>\n
CVE-2021-20016<\/a><\/td>\nSonicWall SSLVPN SMA100<\/td>\nImproper SQL command neutralization, allowing for credential access<\/td>\n<\/tr>\n
CVE-2021-1675<\/a><\/td>\nWindows Print Spooler<\/td>\nRCE<\/td>\n<\/tr>\n
CVE-2020-2509<\/a><\/td>\nQNAP QTS and QuTS hero<\/td>\nRemote arbitrary code execution<\/td>\n<\/tr>\n
CVE-2019-19781<\/a><\/td>\nCitrix Application Delivery Controller (ADC) and Gateway<\/td>\nArbitrary code execution<\/td>\n<\/tr>\n
CVE-2019-18935<\/a><\/td>\nProgress Telerik UI for ASP.NET AJAX<\/td>\nCode execution<\/td>\n<\/tr>\n
CVE-2018-0171<\/a><\/td>\nCisco IOS Software and IOS XE Software<\/td>\nRemote arbitrary code execution<\/td>\n<\/tr>\n
CVE-2017-11882<\/a><\/td>\nMicrosoft Office<\/td>\nRCE<\/td>\n<\/tr>\n
CVE-2017-0199<\/a><\/td>\nMicrosoft Office<\/td>\nRCE<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n

Mitigation Measures<\/h2>\n

The advisory also includes some mitigation measures to reduce the risk associated with the most abused flaws detailed above. It suggests that companies should use a centralized patch management system while regularly updating their software, applications, operating systems, and firmware on IT network assets. They should also enforce multifactor authentication (MFA)<\/a> for all users, without exception, and must review, validate, or remove privileged accounts in a timely manner (annually at a minimum).<\/p>\n

Read next: Best Privileged Access Management (PAM) Software<\/a><\/p>\n\n\n

\n \n\n \n\n
\n \n <\/path>\n <\/svg>\n <\/div>\n \n
\n
\n

\n Get the Free Cybersecurity Newsletter <\/h3>\n \n \n

\n Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday <\/p>\n <\/div>\n\n

\n
\n \n Email Address\n <\/label>\n \n <\/div>\n\n
\n
\n \n \n By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time. <\/label>\n <\/div>\n <\/div>\n \n