The Five Eyes cybersecurity authorities, in collaboration with CISA, the NSA, and the FBI, have released a list of the 12 most exploited vulnerabilities throughout 2022. The list includes vulnerabilities in software from Microsoft, Adobe, Cisco, and other major vendors.

“In 2022, malicious cyber actors exploited older software vulnerabilities more frequently than recently disclosed vulnerabilities and targeted unpatched, internet-facing systems,” the joint advisory reads.

“Proof of concept (PoC) code was publicly available for many of the software vulnerabilities or vulnerability chains, likely facilitating exploitation by a broader range of malicious cyber actors.”

Below is the list of the 12 most exploited security flaws last year and relevant links to the National Vulnerability Database entries.

| CVE | Vendor | Product | Type |
|---|---|---|---|
| CVE-2018-13379 | Fortinet | FortiOS and FortiProxy | SSL VPN credential exposure |
| CVE-2021-34473 (ProxyShell) | Microsoft | Exchange Server | RCE |
| CVE-2021-31207 (ProxyShell) | Microsoft | Exchange Server | Security Feature Bypass |
| CVE-2021-34523 (ProxyShell) | Microsoft | Exchange Server | Elevation of Privilege |
| CVE-2021-40539 | Zoho | ADSelfService Plus | RCE/Auth Bypass |
| CVE-2021-26084 | Atlassian | Confluence Server/Data Center | Arbitrary code execution |
| CVE-2021-44228 (Log4Shell) | Apache | Log4j2 | RCE |
| CVE-2022-22954 | VMware | Workspace ONE | RCE |
| CVE-2022-22960 | VMware | Workspace ONE | Improper Privilege Management |
| CVE-2022-1388 | F5 Networks | BIG-IP | Missing Authentication |
| CVE-2022-30190 | Microsoft | Multiple Products | RCE |
| CVE-2022-26134 | Atlassian | Confluence Server/Data Center | RCE |

The authorities urge organizations worldwide to address these security flaws and deploy patch management systems to minimize their exposure to potential attacks.

They also recommend that organizations implement other security measures, such as using strong passwords, enabling multi-factor authentication, and monitoring their networks for suspicious activity.
