The Five Eyes cybersecurity authorities, in collaboration with CISA, the NSA, and the FBI, have released a list of the 12 most exploited vulnerabilities throughout 2022. The list includes vulnerabilities in software from Microsoft, Adobe, Cisco, and other major vendors.
“In 2022, malicious cyber actors exploited older software vulnerabilities more frequently than recently disclosed vulnerabilities and targeted unpatched, internet-facing systems,” the joint advisory reads.
“Proof of concept (PoC) code was publicly available for many of the software vulnerabilities or vulnerability chains, likely facilitating exploitation by a broader range of malicious cyber actors.”
Below is the list of the 12 most exploited security flaws last year and relevant links to the National Vulnerability Database entries.
CVE | Vendor | Product | Type |
CVE-2018-13379 | Fortinet | FortiOS and FortiProxy | SSL VPN credential exposure |
CVE-2021-34473 (ProxyShell) | Microsoft | Exchange Server | RCE |
CVE-2021-31207 (ProxyShell) | Microsoft | Exchange Server | Security Feature Bypass |
CVE-2021-34523 (ProxyShell) | Microsoft | Exchange Server | Elevation of Privilege |
CVE-2021-40539 | Zoho | ADSelfService Plus | RCE/Auth Bypass |
CVE-2021-26084 | Atlassian | Confluence Server/Data Center | Arbitrary code execution |
CVE-2021-44228 (Log4Shell) | Apache | Log4j2 | RCE |
CVE-2022-22954 | VMware | Workspace ONE | RCE |
CVE-2022-22960 | VMware | Workspace ONE | Improper Privilege Management |
CVE-2022-1388 | F5 Networks | BIG-IP | Missing Authentication |
CVE-2022-30190 | Microsoft | Multiple Products | RCE |
CVE-2022-26134 | Atlassian | Confluence Server/Data Center | RCE |
The authorities urge organizations worldwide to address these security flaws and deploy patch management systems to minimize their exposure to potential attacks.
They also recommend that organizations implement other security measures, such as using strong passwords, enabling multi-factor authentication, and monitoring their networks for suspicious activity.
Bijay Pokharel