CISA, the NSA, and the FBI, in collaboration with cybersecurity authorities from Australia, Canada, New Zealand, and the United Kingdom, have published a list of the 12 most exploited vulnerabilities of 2022.
Knowing which 12 vulnerabilities were most exploited in 2022 allows organizations to prioritize their patch management operations and minimize their attack surface.
“This advisory provides details on the Common Vulnerabilities and Exposures (CVEs) routinely and frequently exploited by malicious cyber actors in 2022 and the associated Common Weakness Enumeration(s) (CWE),” reads the advisory published by the US agencies.
“The authoring agencies strongly encourage vendors, designers, developers, and end-user organizations to implement the recommendations found within the Mitigations section of this advisory to reduce the risk of compromise by malicious cyber actors.”
Government experts warn that in 2022, most of the exploited flaws were older software vulnerabilities and that threat actors targeted unpatched, internet-facing systems.
The availability of proof-of-concept (PoC) code for many of the vulnerabilities in the list makes it easy for threat actors to exploit these issues to carry out a broad range of malicious activities.
According to the advisory, threat actors generally have the most success exploiting known vulnerabilities within the first two years of public disclosure.
Below is the list of the 12 most exploited vulnerabilities of 2022:
| CVE | Vendor | Product | Type | CWE |
|---|---|---|---|---|
| CVE-2018-13379 | Fortinet | FortiOS and FortiProxy | SSL VPN credential exposure | CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) |
| CVE-2021-34473 (ProxyShell) | Microsoft | Exchange Server | RCE | CWE-918 Server-Side Request Forgery (SSRF) |
| CVE-2021-31207 (ProxyShell) | Microsoft | Exchange Server | Security Feature Bypass | CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) |
| CVE-2021-34523 (ProxyShell) | Microsoft | Exchange Server | Elevation of Privilege | CWE-287 Improper Authentication |
| CVE-2021-40539 | Zoho ManageEngine | ADSelfService Plus | RCE/Authentication Bypass | CWE-287 Improper Authentication |
| CVE-2021-26084 | Atlassian | Confluence Server and Data Center | Arbitrary code execution | CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) |
| CVE-2021-44228 (Log4Shell) | Apache | Log4j2 | RCE | CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement (‘Expression Language Injection’); CWE-20 Improper Input Validation; CWE-400 Uncontrolled Resource Consumption; CWE-502 Deserialization of Untrusted Data |
| CVE-2022-22954 | VMware | Workspace ONE Access and Identity Manager | RCE | CWE-94 Improper Control of Generation of Code (‘Code Injection’) |
| CVE-2022-22960 | VMware | Workspace ONE Access, Identity Manager, and vRealize Automation | Improper Privilege Management | CWE-269 Improper Privilege Management |
| CVE-2022-1388 | F5 Networks | BIG-IP | Missing Authentication Vulnerability | CWE-306 Missing Authentication for Critical Function |
| CVE-2022-30190 | Microsoft | Multiple Products | RCE | None Listed |
| CVE-2022-26134 | Atlassian | Confluence Server and Data Center | RCE | CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) |
In 2022, the most exploited vulnerability was a flaw in Fortinet SSL VPN tracked as CVE-2018-13379. The vulnerability was exploited by multiple threat actors [1, 2, 3, 4, 5], including Russia-linked APT groups that targeted critical infrastructure.
The advisory also includes 30 additional vulnerabilities that were routinely exploited in 2022.
The advisory also provides mitigations for vendors and developers.
(SecurityAffairs – hacking, most exploited vulnerabilities)