Experts from CISA, the NSA and the FBI have published a list of 12 vulnerabilities that attackers most often used in 2022.
It turned out that attackers more often targeted flaws in outdated software than new bugs discovered in 2022. The attacks mainly targeted vulnerable systems accessible via the Internet.
Cybersecurity regulators in the United States, Australia, Canada, New Zealand, and the United Kingdom are now calling on organizations around the world to address these flaws, as well as deploy patch management systems to minimize the risk of potential attacks.
In addition to the 12 most exploited bugs, the report is accompanied by a list of 30 other vulnerabilities that are often used to compromise organizations, as well as information on how companies and organizations can reduce their exposure to such attacks.
Although more than 25,000 bugs received CVE identifiers last year, only five vulnerabilities from 2022 were included in the list of the most exploited.
"PoC exploits were available for many software vulnerabilities and vulnerability chains, which probably made them easier to exploit for a wide range of attackers," the experts write.
CVE | Manufacturer | Product | Type |
CVE-2018-13379 | Fortinet | FortiOS and FortiProxy | SSL VPN Credential Disclosure |
CVE-2021-34473 (ProxyShell) | Microsoft | Exchange Server | RCE |
CVE-2021-31207 (ProxyShell) | Microsoft | Exchange Server | Bypassing security |
CVE-2021-34523 (ProxyShell) | Microsoft | Exchange Server | Privilege Escalation |
CVE-2021-40539 | Zoho | ADSelfService Plus | RCE, bypassing authentication |
CVE-2021-26084 | Atlassian | Confluence Server/Data Center | Arbitrary code execution |
CVE-2021-44228 (Log4Shell) | Apache | Log4j2 | RCE |
CVE-2022-22954 | VMware | Workspace ONE | RCE |
CVE-2022-22960 | VMware | Workspace ONE | Improper privilege management |
CVE-2022-1388 | F5 Networks | BIG-IP | Missing authentication |
CVE-2022-30190 | Microsoft | Multiple Products | RCE |
CVE-2022-26134 | Atlassian | Confluence Server/Data Center | RCE |
"Organizations continue to use uncorrected software and systems, leaving easy — to — detect gaps for malicious attacks," says Neil Ziering, CTO of the NSA's Cybersecurity Office." Old vulnerabilities can provide these attackers with a low-cost and highly effective means of accessing sensitive data."