Log4Shell, ProxyShell, ProxyLogon, ZeroLogon and flaws in Zoho ManageEngine AD SelfService Plus, Atlassian Confluence and VMware vSphere Client are among the top security vulnerabilities exploited in 2021.
That is according to a “Main vulnerabilities regularly exploited” report published by the cybersecurity authorities of the Five Eyes nations: Australia, Canada, New Zealand, the United Kingdom and the United States.
Other frequently weaponized flaws include a remote code execution bug in Microsoft Exchange Server (CVE-2020-0688), an arbitrary file reading vulnerability in Pulse Secure Pulse Connect Secure (CVE-2019-11510), and a path traversal flaw in Fortinet FortiOS and FortiProxy (CVE-2018-13379).
Nine of the top 15 routinely exploited flaws were remote code execution vulnerabilities, followed by two privilege escalation vulnerabilities, and one each of security feature bypass, arbitrary code execution, arbitrary file read and path traversal.
“Globally, in 2021, malicious cyber actors targeted Internet-connected systems, such as mail servers and virtual private network (VPN) servers, with exploits of newly disclosed vulnerabilities,” the agencies said in a joint advisory.
“For most of the top exploited vulnerabilities, researchers or other actors released proof-of-concept (PoC) code within two weeks of the vulnerability’s disclosure, likely facilitating exploitation by a broader range of malicious actors.”
To mitigate the risk of exploitation of publicly known software vulnerabilities, the agencies recommend that organizations apply patches in a timely manner and implement a centralized patch management system.