US, UK, and Australian agencies warn of top routinely exploited issues

Pierluigi Paganini July 28, 2021

A joint report published by US, UK, and Australian cyber security agencies warns of the top routinely exploited vulnerabilities in 2020.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI) published a Joint Cybersecurity Advisory that provides details on the top 30 vulnerabilities exploited by threat actors in 2020.

The advisory includes technical details for each vulnerability, including Indicators of Compromise (IoCs), and provides mitigations for them.

Threat actors continue to exploit publicly known, and often old, vulnerabilities in attacks against organizations in multiple industries.

The cybersecurity agencies warn of attacks aimed at exploiting flaws in VPN appliances, network equipment and enterprise cloud applications from multiple vendors, including Atlassian, Citrix, Fortinet, F5, MobileIron, and Telerik.

The ongoing COVID-19 pandemic drove the expansion of remote work options that rely on virtual private networks (VPNs) and cloud-based environments, enlarging the attack surface.

“Four of the most targeted vulnerabilities in 2020 affected remote work, VPNs, or cloud-based technologies. Many VPN gateway devices remained unpatched during 2020, with the growth of remote work options challenging the ability of organizations to conduct rigorous patch management,” reads the joint report.

The following table lists the top routinely exploited vulnerabilities in 2020:

[Table image: top vulnerabilities]

In 2021, the top routinely exploited issues affect Microsoft, Pulse, Accellion, VMware, and Fortinet products. Below is the list of the most exploited flaws:

  • Microsoft Exchange: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 
  • Pulse Secure: CVE-2021-22893, CVE-2021-22894, CVE-2021-22899, and CVE-2021-22900
  • Accellion: CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104
  • VMware: CVE-2021-21985
  • Fortinet: CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591 

“Organizations that have not remediated these vulnerabilities should investigate for the presence of IOCs and, if compromised, initiate incident response and recovery plans,” concludes the alert.
