CISA, ACSC, the NCSC, and the FBI have compiled a list of the most exploited vulnerabilities targeted by malicious actors in 2020, and if any of these affect you, patching them is long overdue. In a pandemic-hit world, actors mostly focused on flaws in VPNs, remote work tools, cloud-based solutions, and similar products. At the same time, the disorganization of scattered IT teams responsible for defending against threats didn't help mitigate the situation.
These are the top routinely exploited CVEs in 2020:
While four of the twelve flaws mentioned above were discovered and patched in 2020, the rest were one, two, and even three years old. In fact, CVE-2017-11882 was included in CISA's top 10 most exploited vulnerabilities to patch for 2019, yet it remained one of the most leveraged flaws in 2020. The same goes for CVE-2018-7600 (Drupal) and CVE-2019-0604 (SharePoint). There's simply no excuse for leaving these products unpatched in 2021.
As for the current year, CISA has gathered enough data to compile a tentative list, so here are the most targeted flaws in 2021:
The agency has provided a list of mitigations for each of the above vulnerabilities, so if you can't apply the patches through software updates for any reason, you should at least consult the advisory and figure out how to minimize the risk of exploitation. Remember, these flaws are being used in automated scanning operations that can map large portions of the web; the vulnerable endpoints are then used for dropping web shells, and access to them is typically sold on to ransomware actors.