The Five Eyes security agencies, a group of intelligence agencies from Canada, Australia, New Zealand, the United States, and the United Kingdom, have released a joint advisory on the 15 vulnerabilities in software programs and operating systems that were most frequently exploited by cybercriminal groups and nation-state hackers in 2021.
Throughout 2021, malicious cyber actors exploited newly disclosed critical software vulnerabilities in attacks on a broad array of organizations across both the public and private sectors. Eleven of the most consistently exploited vulnerabilities were publicly disclosed in 2021, though older vulnerabilities are still being exploited. The 15 most exploited vulnerabilities break down as follows: 9 remote code execution vulnerabilities, 2 elevation of privilege vulnerabilities, and one each of path traversal, security bypass, arbitrary code execution, and arbitrary file reading vulnerabilities.
The maximum-severity Log4Shell vulnerability, CVE-2021-44228, topped the list. It was identified in the Apache Log4j open source logging library. A threat actor can exploit it remotely to execute arbitrary code, giving the attacker complete control of a vulnerable system. Although it was only publicly disclosed in December 2021, it still ranks first as the most frequently exploited vulnerability, showing how quickly attackers can weaponize and exploit vulnerabilities before organizations can apply patches. It has been ranked one of the most critical vulnerabilities identified in the last 10 years.
List of Vulnerabilities
1. CVE-2021-44228 – Log4Shell vulnerability in Apache Log4j allows Remote code execution (RCE)
2. CVE-2021-40539 – vulnerability in Zoho ManageEngine in AD SelfService Plus allows RCE
3. CVE-2021-34523 – ProxyShell vulnerability in Microsoft Exchange Server allows Elevation of privilege
4. CVE-2021-34473 – ProxyShell vulnerability in Microsoft Exchange Server allows RCE
5. CVE-2021-31207 – ProxyShell vulnerability in Microsoft Exchange Server allows Security feature bypass
6. CVE-2021-27065 – ProxyLogon vulnerability in Microsoft Exchange Server allows RCE
7. CVE-2021-26858 – ProxyLogon vulnerability in Microsoft Exchange Server allows RCE
8. CVE-2021-26857 – ProxyLogon vulnerability in Microsoft Exchange Server allows RCE
9. CVE-2021-26855 – ProxyLogon vulnerability in Microsoft Exchange Server allows RCE
10. CVE-2021-26084 – Atlassian vulnerability in Confluence Server and Data Center allows Arbitrary code execution
11. CVE-2021-21972 – VMware vulnerability in vSphere Client allows RCE
12. CVE-2020-1472 – ZeroLogon vulnerability in Microsoft Netlogon Remote Protocol (MS-NRPC) allows elevation of privilege
13. CVE-2020-0688 – vulnerability in Microsoft Exchange Server allows RCE
14. CVE-2019-11510 – Pulse Secure vulnerability in Pulse Connect Secure allows arbitrary file reading
15. CVE-2018-13379 – Fortinet vulnerability in FortiOS and FortiProxy allows path traversal
CVE-2021-40539, in Zoho ManageEngine AD SelfService Plus, is a remote code execution vulnerability with an assigned CVSS severity rating of 9.8. It was the second most frequently exploited vulnerability, and attacks exploiting it have continued into 2022. The vulnerability can be exploited remotely and allows web shells to be installed on a network, after which the attacker can compromise credentials, move laterally, and exfiltrate sensitive information.
The ProxyLogon vulnerabilities in Microsoft Exchange email servers were also widely exploited. CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 allow remote attackers to execute arbitrary code on compromised Exchange servers and gain access to files and mailboxes on the servers, together with any credentials stored on them.
Three ProxyShell vulnerabilities were included in the top 15 list. CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207 can be exploited on Microsoft Exchange email servers that expose the Microsoft Client Access Service (CAS) to the internet. This is a typical setup, as it lets users access their email accounts from mobile phones and web browsers. The vulnerabilities could be exploited to remotely execute arbitrary code on compromised servers.
In numerous instances, vulnerabilities were exploited within two weeks of their public disclosure, most often because security researchers published proof-of-concept exploits, which helped a wider range of threat actors exploit the vulnerabilities easily before organizations had patched.
Twenty-one other vulnerabilities that are likewise regularly exploited are also listed, including some from 2021 and a few from 2017. Patching these vulnerabilities promptly will ensure they cannot be exploited. The Five Eyes agencies have also published a list of mitigations that make it harder for threat actors to exploit these and other vulnerabilities.
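A practical way to act on the list above and on the point about patching promptly is to cross-reference it against what a vulnerability scanner still reports open in your own estate, putting code-execution flaws on internet-exposed hosts first. The script below is an added example, not code from the advisory or from any of the agencies: it parses the 15 entries exactly as written on this page, classifies each by the impact the advisory counts, and triages a small constructed inventory (hostnames, products and open CVEs are made up; CVE-2099-0001 is a placeholder that is deliberately not on the list). The parser, the priority ordering and the inventory format are all assumptions of this example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Matches the list format used in this write-up, e.g.
#   "1. CVE-2021-44228 – Log4Shell vulnerability in Apache Log4j allows Remote code execution (RCE)"
# An en dash or a plain hyphen is accepted after the CVE id.
ENTRY_RE = re.compile(
    r"^\s*(?P<rank>\d+)\.\s*(?P<cve>CVE-\d{4}-\d{4,})\s*[–-]\s*"
    r"(?P<desc>.+?)\s+allows\s+(?P<impact>.+?)\s*$"
)

# The 15 entries as listed on this page (page data, not constructed).
ADVISORY_TEXT = """\
1. CVE-2021-44228 – Log4Shell vulnerability in Apache Log4j allows Remote code execution (RCE)
2. CVE-2021-40539 – vulnerability in Zoho ManageEngine in AD SelfService Plus allows RCE
3. CVE-2021-34523 – ProxyShell vulnerability in Microsoft Exchange Server allows Elevation of privilege
4. CVE-2021-34473 – ProxyShell vulnerability in Microsoft Exchange Server allows RCE
5. CVE-2021-31207 – ProxyShell vulnerability in Microsoft Exchange Server allows Security feature bypass
6. CVE-2021-27065 – ProxyLogon vulnerability in Microsoft Exchange Server allows RCE
7. CVE-2021-26858 – ProxyLogon vulnerability in Microsoft Exchange Server allows RCE
8. CVE-2021-26857 – ProxyLogon vulnerability in Microsoft Exchange Server allows RCE
9. CVE-2021-26855 – ProxyLogon vulnerability in Microsoft Exchange Server allows RCE
10. CVE-2021-26084 – Atlassian vulnerability in Confluence Server and Data Center allows Arbitrary code execution
11. CVE-2021-21972 – VMware vulnerability in vSphere Client allows RCE
12. CVE-2020-1472 – ZeroLogon vulnerability in Microsoft Netlogon Remote Protocol (MS-NRPC) allows elevation of privilege
13. CVE-2020-0688 – vulnerability in Microsoft Exchange Server allows RCE
14. CVE-2019-11510 – Pulse Secure vulnerability in Pulse Connect Secure allows arbitrary file reading
15. CVE-2018-13379 – Fortinet vulnerability in FortiOS and FortiProxy allows path traversal
"""


@dataclass(frozen=True)
class AdvisoryEntry:
    rank: int
    cve: str
    description: str
    impact: str  # normalised class, e.g. "rce"


def normalize_impact(text: str) -> str:
    """Map the free-text impact phrase to the classes the advisory counts."""
    t = text.lower()
    if "arbitrary code execution" in t:
        return "arbitrary-code-execution"
    if "rce" in t or "remote code execution" in t:
        return "rce"
    if "elevation of privilege" in t:
        return "privilege-escalation"
    if "bypass" in t:
        return "security-bypass"
    if "path traversal" in t:
        return "path-traversal"
    if "file read" in t:
        return "arbitrary-file-read"
    return "other"


def parse_advisory(text: str) -> list:
    """Turn the numbered list into AdvisoryEntry records; non-matching lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(AdvisoryEntry(int(m["rank"]), m["cve"], m["desc"].strip(),
                                         normalize_impact(m["impact"])))
    return entries


def impact_counts(entries) -> dict:
    """How many entries fall into each impact class (should match the breakdown above)."""
    return dict(Counter(e.impact for e in entries))


# Triage order assumed here: code execution first, then privilege escalation, bypass, file access.
IMPACT_PRIORITY = {"rce": 0, "arbitrary-code-execution": 0, "privilege-escalation": 1,
                   "security-bypass": 2, "arbitrary-file-read": 3, "path-traversal": 3, "other": 4}

# Constructed inventory: what a scanner still reports open on each (fictional) host.
INVENTORY = [
    {"host": "mail01.example.test", "product": "Microsoft Exchange Server", "internet_exposed": True,
     "open_cves": ["CVE-2021-34473", "CVE-2021-31207", "CVE-2020-0688"]},
    {"host": "dc01.example.test", "product": "Windows Server", "internet_exposed": False,
     "open_cves": ["CVE-2020-1472"]},
    {"host": "app07.example.test", "product": "Java app bundling Log4j", "internet_exposed": True,
     "open_cves": ["CVE-2021-44228", "CVE-2099-0001"]},  # placeholder CVE, not on the list
]


def triage(inventory, entries) -> list:
    """Return (host, cve, impact, internet_exposed) for each open CVE on the list, most urgent first:
    exposed hosts before internal ones, then by impact class, then by advisory rank."""
    by_cve = {e.cve: e for e in entries}
    findings = []
    for asset in inventory:
        for cve in asset["open_cves"]:
            entry = by_cve.get(cve)
            if entry is None:
                continue  # not on the routinely-exploited list; leave to the normal patch cadence
            findings.append((asset["host"], cve, entry.impact, asset["internet_exposed"]))
    findings.sort(key=lambda f: (not f[3], IMPACT_PRIORITY[f[2]], by_cve[f[1]].rank))
    return findings


if __name__ == "__main__":
    parsed = parse_advisory(ADVISORY_TEXT)
    print(impact_counts(parsed))
    for host, cve, impact, exposed in triage(INVENTORY, parsed):
        print(f"{'EXPOSED' if exposed else '       '} {host:22} {cve:15} {impact}")
```

In a real deployment the inventory would come from your scanner or CMDB export rather than a literal, and the "internet_exposed" flag is the key input: as the ProxyShell discussion above notes, the exposed CAS endpoint is what turns an Exchange flaw into an immediate risk, so the sort puts those hosts ahead of internal ones with the same class of vulnerability.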