CISA, FBI, and NSA published the list of 12 most exploited vulnerabilities of 2022

Pierluigi Paganini August 04, 2023

CISA, the FBI, and NSA, along with Five Eyes cybersecurity agencies published a list of the 12 most exploited vulnerabilities of 2022.

CISA, the NSA, and the FBI, in collaboration with cybersecurity authorities from Australia, Canada, New Zealand, and the United Kingdom, have published a list of the 12 most exploited vulnerabilities of 2022.

The knowledge of the 12 most exploited vulnerabilities of 2022 allows organizations to prioritize their patch management operations to minimize the attack surface.

“This advisory provides details on the Common Vulnerabilities and Exposures (CVEs) routinely and frequently exploited by malicious cyber actors in 2022 and the associated Common Weakness Enumeration(s) (CWE).” reads the advisory published by US agencies.

“The authoring agencies strongly encourage vendors, designers, developers, and end-user organizations to implement the recommendations found within the Mitigations section of this advisory to reduce the risk of compromise by malicious cyber actors.”

Government experts warn that in 2022, most of the exploited flaws were older software vulnerabilities and that threat actors targeted unpatched, internet-facing systems.

The availability of Proof of concept (PoC) code for many of the vulnerabilities in the list make it easy for threat actors the exploitation these issues to carry out a broad range of malicious activities.

According to the advisory, threat actors generally have the most success exploiting known vulnerabilities within the first two years of public disclosure.

Below is the list 12 most exploited vulnerabilities of 2022:

CVEVendorProductTypeCWE
CVE-2018-13379FortinetFortiOS and FortiProxySSL VPN credential exposureCWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
CVE-2021-34473(Proxy Shell)MicrosoftExchange ServerRCECWE-918 Server-Side Request Forgery (SSRF)
CVE-2021-31207(Proxy Shell)MicrosoftExchange ServerSecurity Feature BypassCWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
CVE-2021-34523(Proxy Shell)MicrosoftExchange ServerElevation of PrivilegeCWE-287 Improper Authentication
CVE-2021-40539Zoho ManageEngineADSelfService PlusRCE/Authentication BypassCWE-287 Improper Authentication
CVE-2021-26084AtlassianConfluence Server and Data CenterArbitrary code executionCWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’)
CVE-2021- 44228(Log4Shell)ApacheLog4j2RCECWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement (‘Expression Language Injection’) CWE-20 Improper Input Validation CWE-400 Uncontrolled Resource Consumption CWE-502 Deserialization of Untrusted Data
CVE-2022-22954VMwareWorkspace ONE Access and Identity ManagerRCECWE-94 Improper Control of Generation of Code (‘Code Injection’)
CVE-2022-22960VMwareWorkspace ONE Access, Identity Manager, and vRealize AutomationImproper Privilege ManagementCWE-269 Improper Privilege Management
CVE-2022-1388F5 NetworksBIG-IPMissing Authentication VulnerabilityCWE-306 Missing Authentication for Critical Function
CVE-2022-30190MicrosoftMultiple ProductsRCENone Listed
CVE-2022-26134AtlassianConfluence Server and Data CenterRCECWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’)

In 2022, the most exploited vulnerability is a flaw in Fortinet SSL VPN tracked as CVE-2018-13379. The vulnerability was exploited by multiple threat actors [1, 2, 3, 4, 5], including Russia-linked APT groups that targeted critical infrastructure.

The advisory also includes 30 additional routinely exploited vulnerabilities in 2022.

The advisory also provides mitigations for vendors and developers.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, most exploited vulnerabilities)



you might also like

leave a comment