On July 28th, CISA released a “Joint Cybersecurity Advisory” along with the Australian Cyber Security Centre, the United Kingdom’s National Cyber Security Centre, and the FBI. The Advisory reviews the top 30 vulnerabilities of 2020 and 2021 that were, and continue to be, routinely exploited.

Some of their key findings:

  • Threat actors are using publicly disclosed vulnerabilities to compromise unpatched systems
  • Four of the top vulnerabilities that threat actors are exploiting affect remote work, VPN, or cloud-based technologies
  • “Top Routinely Exploited CVEs in 2020” according to the advisory:
    • Citrix, CVE-2019-19781, arbitrary code execution
    • Pulse, CVE-2019-11510, arbitrary file reading
    • Fortinet, CVE-2018-13379, path traversal
    • F5 BIG-IP, CVE-2020-5902, remote code execution (RCE)
    • MobileIron, CVE-2020-15505, RCE
    • Microsoft, CVE-2017-11882, RCE
    • Atlassian, CVE-2019-11580, RCE
    • Drupal, CVE-2018-7600, RCE
    • Telerik, CVE-2019-1893, RCE
    • Microsoft, CVE-2019-0604, RCE
    • Microsoft, CVE-2020-0787, elevation of privilege
    • Netlogon, CVE-2020-1472, elevation of privilege

The list above shows how important it is to have a robust patching program within your organization: every one of these vulnerabilities had a vendor fix available, yet they continued to be exploited. You can find the full CISA Advisory here: LINK