
Top 30 Critical Security Flaws Most Used by Cybercriminals

source link: https://news.softpedia.com/news/top-30-critical-security-flaws-most-used-by-cybercriminals-533616.shtml

Hackers continue to attack their victims on a regular basis by exploiting old vulnerabilities in outdated software

A joint advisory from the intelligence agencies of the United States, United Kingdom, and Australia described the most commonly exploited security vulnerabilities in 2020 and 2021, according to The Hacker News.

The top 30 vulnerabilities span a wide range of software, including virtual private network (VPN), remote working and cloud-based products, from Accellion, Drupal, Citrix, VMware, Fortinet, Microsoft, F5 (BIG-IP) and Atlassian, amongst other vendors.

This advisory comes a week after MITRE released a list of the top 25 most dangerous software mistakes that could result in major vulnerabilities that an attacker could exploit in order to take control of a targeted system, cause a denial-of-service condition or access sensitive information.

The FBI, NCSC, ACSC, and CISA highlight that cybercriminals continue to attack bigger targets, including private enterprises and public organizations around the world, by exploiting old, publicly known vulnerabilities, most of them in out-of-date software.

The following vulnerabilities have been actively exploited so far this year (2021):

  • Accellion: CVE-2021-27102, CVE-2021-27103, CVE-2021-27101, and CVE-2021-27104
  • Fortinet: CVE-2020-12812, CVE-2018-13379, and CVE-2019-5591
  • VMware: CVE-2021-21985
  • Pulse Secure: CVE-2021-22893, CVE-2021-22900, CVE-2021-22899, and CVE-2021-22894
  • Microsoft Exchange Server: CVE-2021-27065 (also known as "ProxyLogon"), CVE-2021-26855, CVE-2021-26858, and CVE-2021-26857

The following were the most frequently exploited vulnerabilities in 2020:

  • CVE-2019-11510 - Pulse Connect Secure arbitrary file reading flaw, with a CVSS score of 10
  • CVE-2020-5902 - F5 BIG-IP remote code execution flaw, with a CVSS score of 9.8
  • CVE-2020-0688 - Microsoft Exchange memory corruption flaw, with a CVSS score of 8.8
  • CVE-2017-11882 - Microsoft Office memory corruption flaw, with a CVSS score of 7.8
  • CVE-2018-7600 - Drupal remote code execution flaw, with a CVSS score of 9.8
  • CVE-2019-0604 - Microsoft SharePoint remote code execution flaw, with a CVSS score of 9.8
  • CVE-2020-1472 - Windows Netlogon elevation of privilege flaw, with a CVSS score of 10
  • CVE-2020-0787 - Windows Background Intelligent Transfer Service (BITS) elevation of privilege flaw, with a CVSS score of 7.8
  • CVE-2019-18935 - Telerik .NET deserialization vulnerability resulting in remote code execution, with a CVSS score of 9.8
  • CVE-2019-3396 - Atlassian Confluence Server remote code execution flaw, with a CVSS score of 9.8
  • CVE-2020-15505 - MobileIron Core & Connector remote code execution flaw, with a CVSS score of 9.8
  • CVE-2018-13379 - Fortinet FortiOS path traversal vulnerability leading to system file leak, with a CVSS score of 9.8
  • CVE-2019-19781 - Citrix Application Delivery Controller (ADC) and Gateway directory traversal flaw, with a CVSS score of 9.8
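A patching team usually wants these two lists as one deduplicated, ranked worklist rather than as prose. The script below is an added example (it is not code from the advisory, Softpedia or The Hacker News): it parses the two lists exactly as they appear above, embedded here as constructed sample text, merges them by CVE id, ranks by CVSS score with entries that carry no score on this page placed last, and flags ids that appear in both years. The `product` field for the 2021 entries is just the vendor name the page gives, and the CVSS values are the ones quoted above, not looked up from NVD.

```python
import re

# Constructed sample input: the two lists from the advisory summary above,
# copied as plain text (2021 lines give vendor and CVE ids; 2020 lines give a
# description and the CVSS score quoted on the page).
EXPLOITED_2021 = """\
Accellion: CVE-2021-27102, CVE-2021-27103, CVE-2021-27101, and CVE-2021-27104
Fortinet: CVE-2020-12812, CVE-2018-13379, and CVE-2019-5591
VMware: CVE-2021-21985
Pulse Secure: CVE-2021-22893, CVE-2021-22900, CVE-2021-22899, and CVE-2021-22894
Microsoft Exchange Server: CVE-2021-27065 (also known as "ProxyLogon"), CVE-2021-26855, CVE-2021-26858, and CVE-2021-26857
"""

EXPLOITED_2020 = """\
CVE-2019-11510 - Pulse Connect Secure arbitrary file reading flaw, with a CVSS score of 10
CVE-2020-5902 - F5 BIG-IP remote code execution flaw, with a CVSS score of 9.8
CVE-2020-0688 - Microsoft Exchange memory corruption flaw, with a CVSS score of 8.8
CVE-2017-11882 - Microsoft Office memory corruption flaw, with a CVSS score of 7.8
CVE-2018-7600 - Drupal remote code execution flaw, with a CVSS score of 9.8
CVE-2019-0604 - Microsoft SharePoint remote code execution flaw, with a CVSS score of 9.8
CVE-2020-1472 - Windows Netlogon elevation of privilege flaw, with a CVSS score of 10
CVE-2020-0787 - Windows Background Intelligent Transfer Service (BITS) elevation of privilege flaw, with a CVSS score of 7.8
CVE-2019-18935 - Telerik .NET deserialization vulnerability resulting in remote code execution, with a CVSS score of 9.8
CVE-2019-3396 - Atlassian Confluence Server remote code execution flaw, with a CVSS score of 9.8
CVE-2020-15505 - MobileIron Core & Connector remote code execution flaw, with a CVSS score of 9.8
CVE-2018-13379 - Fortinet FortiOS path traversal vulnerability leading to system file leak 9.8
CVE-2019-19781 - Citrix Application Delivery Controller (ADC) and Gateway directory traversal flaw, with a CVSS score of 9.8
CVE-2020-5902 - F5 BIG-IP remote code execution flaw, with a CVSS score of 9.8
"""

CVE_RE = re.compile(r"\bCVE-(\d{4})-(\d{4,})\b")
# The score is the trailing number on a line; this also copes with the page's
# "... system file leak 9.8" wording that omits "with a CVSS score of".
SCORE_RE = re.compile(r"(\d+(?:\.\d+)?)\s*$")


def parse_vendor_list(text, year):
    """Parse 'Vendor: CVE-..., CVE-...' lines into {cve: record} (no score on the page)."""
    records = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        vendor, _, rest = line.partition(":")
        for m in CVE_RE.finditer(rest):
            records[m.group(0)] = {"product": vendor.strip(), "cvss": None, "years": {year}}
    return records


def parse_scored_list(text, year):
    """Parse 'CVE-... - description, with a CVSS score of N' lines into {cve: record}.

    A CVE id listed twice (CVE-2020-5902 above) collapses to one record.
    """
    records = {}
    for line in text.splitlines():
        m = CVE_RE.search(line)
        if not m:
            continue
        rest = line[m.end():].lstrip(" -")
        score = SCORE_RE.search(rest)
        desc = rest[: score.start()].rstrip() if score else rest
        desc = re.sub(r",?\s*with a CVSS score of\s*$", "", desc).rstrip(" ,")
        cvss = float(score.group(1)) if score else None
        records[m.group(0)] = {"product": desc, "cvss": cvss, "years": {year}}
    return records


def merge(*record_sets):
    """Merge per-year records by CVE id, unioning years and filling in a missing score."""
    merged = {}
    for recs in record_sets:
        for cve, rec in recs.items():
            if cve in merged:
                merged[cve]["years"] |= rec["years"]
                if merged[cve]["cvss"] is None:
                    merged[cve]["cvss"] = rec["cvss"]
            else:
                merged[cve] = {"product": rec["product"], "cvss": rec["cvss"], "years": set(rec["years"])}
    return merged


def prioritized(merged):
    """CVE ids ordered highest CVSS first (unknown score last), then by number of years listed, then by id."""
    def key(item):
        cve, rec = item
        score = rec["cvss"] if rec["cvss"] is not None else -1.0
        return (-score, -len(rec["years"]), cve)
    return [cve for cve, _ in sorted(merged.items(), key=key)]


def repeat_offenders(merged):
    """CVE ids that appear in more than one year's list."""
    return sorted(cve for cve, rec in merged.items() if len(rec["years"]) > 1)


def cve_age(cve, exploited_year):
    """Years between the CVE's assignment year and the year it was seen exploited."""
    return exploited_year - int(CVE_RE.match(cve).group(1))


if __name__ == "__main__":
    worklist = merge(parse_vendor_list(EXPLOITED_2021, 2021), parse_scored_list(EXPLOITED_2020, 2020))
    for cve in prioritized(worklist):
        rec = worklist[cve]
        print(f"{cve:15} cvss={rec['cvss']!s:5} years={sorted(rec['years'])} {rec['product']}")
    print("listed in both years:", repeat_offenders(worklist))
```

Running it shows why the advisory stresses old software: CVE-2018-13379 sits on both years' lists (three years after its assignment), and the 2020 list as printed on the page repeats CVE-2020-5902, which the merge collapses to a single entry.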
