These Are the Most Exploited Flaws by Chinese Hackers According to the NSA

  • The NSA has gathered enough data on attacks by Chinese state-sponsored hackers to publish a list of the flaws they exploit most.
  • In many cases, the listed vulnerabilities were fixed by patches released one, two, or even three years ago.
  • Experts comment that most of these flaws indicate second-stage deployments rather than initial entry.

The NSA (National Security Agency) has compiled a list of the 25 vulnerabilities most exploited by Chinese state-sponsored hackers and released a cybersecurity advisory to help agencies, companies, organizations, and web admins apply the corresponding mitigations.

  • CVE-2019-11510: Pulse Secure VPN arbitrary file reading flaw leading to the exposure of keys and passwords.
  • CVE-2020-5902: F5 BIG-IP remote code execution vulnerability.
  • CVE-2019-19781: Citrix Application Delivery Controller and Gateway flaw, enabling remote code execution without credentials.
  • CVE-2020-8193, CVE-2020-8195, CVE-2020-8196: Information disclosure flaws in Citrix ADC, Citrix Gateway, and Citrix SDWAN WAN-OP.
  • CVE-2019-0708: RCE vulnerability in Remote Desktop Services on Windows XP, 7, Server 2003, and Server 2008.
  • CVE-2020-15505: MobileIron flaw allowing remote code execution via unspecified vectors.
  • CVE-2020-1350: Windows Domain Name System servers RCE based on improper request handling.
  • CVE-2020-1472: Elevation of privilege flaw in Netlogon Remote Protocol.
  • CVE-2019-1040: Microsoft Windows NTLM MIC flaw enabling man-in-the-middle attacks.
  • CVE-2018-6789: Exim mail flaw resulting in buffer overflow and RCE conditions.
  • CVE-2020-0688: Microsoft Exchange validation key remote code execution flaw.
  • CVE-2018-4939: Adobe ColdFusion vulnerability leading to arbitrary code execution.
  • CVE-2015-4852: Oracle WebLogic Server bug exploited with a specially crafted Java object.
  • CVE-2020-2555: Oracle Coherence flaw allowing an unauthenticated attacker to gain network access.
  • CVE-2019-3396: Atlassian Confluence RCE through server-side template injection.
  • CVE-2019-11580: Atlassian Crowd RCE, which results in arbitrary plugin installation.
  • CVE-2020-10189: Zoho ManageEngine RCE flaw.
  • CVE-2019-18935: Progress Telerik .NET vulnerability resulting in remote code execution.
  • CVE-2020-0601: Spoofing vulnerability in Microsoft Windows 10 and Server 2016 – 2019.
  • CVE-2019-0803: Elevation of privilege flaw in Windows 7, 10, and Server 2008 – 2019.
  • CVE-2017-6327: Symantec Messaging Gateway remote code execution.
  • CVE-2020-3118: Flaw in Cisco IOS XR that allows arbitrary code execution by an unauthenticated attacker.
  • CVE-2020-8515: DrayTek Vigor RCE with root privileges without authentication.

Oliver Tavakoli, CTO at Vectra, has shared the following comment with us on NSA’s list:

The breadth of products covered by this list of CVEs would indicate that the NSA has curated this list through the observation of many attacks undertaken by these actors. The exploits themselves also cover a broad range of steps in the cyberattack lifecycle, indicating that many of the attacks in which these exploits were observed were already pretty deep into the attack progression – and many were likely found only after-the-fact through deep forensic efforts rather than having been identified while the attacks were active.


Knowing what is being targeted is always valuable information, but the general lesson is simple: keep your software up to date by applying every available patch and update as soon as it is released.

The software vendors have fixed all of the vulnerabilities above, and in some cases the fixes have been available for more than a year. Seeing them on lists like this therefore points to a lack of proper system maintenance practices and general negligence.
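A defender's first use for a list like this is triage: match it against what a vulnerability scanner already reports and push the listed, long-patched findings to the top of the patch queue. The script below is an added example, not code from the article or from the NSA advisory. The CVE IDs are the 25 named in the article; the CSV export format, the host names, the dates, and the placeholder non-listed CVE are constructed sample data, and the CVE year prefix is used only as a rough proxy for how long a fix has been available.

```python
"""Cross-reference scanner findings against the NSA's list of 25 CVEs.

Added example (not from the article or the NSA advisory). The CVE IDs are the
ones the article lists; the scanner export below is constructed sample data
and its column layout is an assumption.
"""
import csv
import io
import re
from dataclasses import dataclass
from datetime import date

# The 25 CVE IDs in the NSA advisory, as listed in the article above.
NSA_TOP_25 = frozenset({
    "CVE-2019-11510", "CVE-2020-5902", "CVE-2019-19781", "CVE-2020-8193",
    "CVE-2020-8195", "CVE-2020-8196", "CVE-2019-0708", "CVE-2020-15505",
    "CVE-2020-1350", "CVE-2020-1472", "CVE-2019-1040", "CVE-2018-6789",
    "CVE-2020-0688", "CVE-2018-4939", "CVE-2015-4852", "CVE-2020-2555",
    "CVE-2019-3396", "CVE-2019-11580", "CVE-2020-10189", "CVE-2019-18935",
    "CVE-2020-0601", "CVE-2019-0803", "CVE-2017-6327", "CVE-2020-3118",
    "CVE-2020-8515",
})

CVE_RE = re.compile(r"^CVE-(\d{4})-(\d{4,})$")

# Constructed scanner export. Hosts and dates are made up; "CVE-0000-0000" is
# a placeholder for any CVE that is not on the list, and "not-a-cve" shows
# how a malformed row is handled.
SAMPLE_SCAN = """host,cve,first_seen
vpn-gw-01,CVE-2019-11510,2020-03-02
mail-01,CVE-2018-6789,2020-09-15
dc-01,CVE-2020-1472,2020-10-01
web-03,CVE-0000-0000,2020-04-11
web-03,not-a-cve,2020-04-11
"""


@dataclass(frozen=True)
class Finding:
    host: str
    cve: str
    first_seen: date


def parse_findings(text):
    """Parse the CSV export; rows whose CVE column is not a CVE ID are
    returned separately so they are reviewed rather than silently dropped."""
    findings, rejected = [], []
    for row in csv.DictReader(io.StringIO(text)):
        cve = row["cve"].strip().upper()
        if not CVE_RE.match(cve):
            rejected.append(row)
            continue
        findings.append(Finding(row["host"].strip(), cve,
                                date.fromisoformat(row["first_seen"].strip())))
    return findings, rejected


def cve_year(cve):
    """Year prefix of a CVE ID: a crude lower bound on how long a fix has existed."""
    return int(CVE_RE.match(cve).group(1))


def triage(findings, today):
    """Rank findings: NSA-listed first, then oldest CVE, then longest open."""
    rows = []
    for f in findings:
        rows.append({
            "host": f.host,
            "cve": f.cve,
            "nsa_listed": f.cve in NSA_TOP_25,
            "cve_age_years": today.year - cve_year(f.cve),
            "days_open": (today - f.first_seen).days,
        })
    rows.sort(key=lambda r: (not r["nsa_listed"],
                             -r["cve_age_years"], -r["days_open"]))
    return rows


def run_sample(today_iso="2020-10-21"):
    """Triage the constructed export as of a constructed 'today' date."""
    findings, rejected = parse_findings(SAMPLE_SCAN)
    for row in rejected:
        print(f"skipped unparseable row: {row}")
    return triage(findings, date.fromisoformat(today_iso))


if __name__ == "__main__":
    for r in run_sample():
        flag = "NSA-LISTED" if r["nsa_listed"] else "other"
        print(f"{flag:10} {r['cve']:15} {r['host']:10} "
              f"cve_age={r['cve_age_years']}y open={r['days_open']}d")
```

On the constructed data the report puts the Exim flaw (CVE-2018-6789) first because its fix has been available longest, followed by the Pulse Secure and Netlogon findings, with the non-listed placeholder last; the malformed row is reported rather than discarded. Replace SAMPLE_SCAN with a real scanner export in the same three-column layout to use it on your own inventory.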
