In 2021, the 15 most commonly exploited vulnerabilities, as observed by the US Cybersecurity and Infrastructure Security Agency (CISA), the US NSA, the US FBI, the Australian Cyber Security Centre, the Canadian Centre for Cyber Security, the New Zealand National Cyber Security Centre and the UK National Cyber Security Centre, allowed code execution across a range of products and gave IT administrators only a short window to get their house in order.
“For most of the most commonly exploited vulnerabilities, researchers or other entities released a proof of concept within two weeks of the vulnerability being disclosed, which likely made it easier for attackers to exploit more vulnerabilities,” the agencies said in a joint advisory.
Topping the list is Log4Shell (CVE-2021-44228), a vulnerability in the Java logging library Apache Log4j that was publicly disclosed in December 2021.
“The rapid and widespread exploitation of this vulnerability demonstrates the ability for attackers to quickly exploit known vulnerabilities and attack organizations before they apply patches,” the advisory says.
It is followed by CVE-2021-40539, a remote code execution flaw in Zoho ManageEngine ADSelfService Plus, and seven vulnerabilities in Microsoft Exchange Server known collectively as ProxyShell and ProxyLogon.
Next on the list is CVE-2021-26084 in Atlassian Confluence Server and Data Center, which US Cyber Command warned was being mass-exploited in September. In this case, the agencies said, exploit code was released within a week of disclosure.
The remaining 2021 vulnerability on the list is CVE-2021-21972, which affects VMware vSphere (the vSphere Client in vCenter Server).
Older flaws also make the list
The list is rounded out by four vulnerabilities disclosed more than a year earlier: CVE-2020-1472 in Microsoft Netlogon, also known as Zerologon; CVE-2020-0688 in Microsoft Exchange; CVE-2019-11510 in Pulse Secure Pulse Connect Secure; and CVE-2018-13379, which affects two Fortinet products, FortiOS and FortiProxy.
A secondary list of 15 further CVEs was also released; it includes flaws in the Accellion FTA, additional remote code execution flaws in VMware vCenter, and the flaws affecting the Windows Print Spooler.
To mitigate these vulnerabilities, the agencies reiterated their standing recommendations: apply patches in a timely manner, use a centralized patch management system, and consider moving internet-facing services to reputable cloud or managed service providers if rapid scanning and patching is not feasible in-house. The guidance adds that organizations should enforce multi-factor authentication for all users without exception, including on all VPN connections, regularly review and validate privileged accounts (at least annually), and apply the principle of least privilege.
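The two-week figure above is the practical yardstick for "timely": if proof-of-concept code typically appears within 14 days of disclosure, any host still unpatched after that is exposed to commodity exploitation. As an added illustration (not part of the advisory or of this article), the Python script below takes a patch-management export, computes how long each host stayed exposed to each of the CVEs named on this page, and flags anything that remained vulnerable past that window. The host names, the disclosure and patch dates, the as-of date and the 14-day threshold are all constructed sample data and assumptions, not figures from the advisory.

```python
"""Patch-latency triage against a 14-day proof-of-concept window.

Added example, not code from the advisory or the article. It reads a
(constructed) inventory of per-host patch records and reports which of the
listed CVEs stayed unpatched longer than the window in which PoC code
typically appeared. Every date and host name below is sample data.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple

# Assumption: PoC code appears within two weeks of disclosure, per the advisory.
POC_WINDOW = timedelta(days=14)

# Constructed "today" for the report, so the result is reproducible offline.
AS_OF = date(2022, 5, 1)


@dataclass(frozen=True)
class PatchRecord:
    host: str
    cve: str
    disclosed: date            # public disclosure date (constructed)
    patched: Optional[date]    # None means the host is still unpatched


# Constructed inventory export; CVE IDs are those named in the article,
# the hosts and dates are invented for the example.
SAMPLE_RECORDS: List[PatchRecord] = [
    PatchRecord("web-01",   "CVE-2021-44228", date(2021, 12, 10), date(2021, 12, 12)),
    PatchRecord("exch-01",  "CVE-2021-26855", date(2021, 3, 2),   date(2021, 4, 20)),
    PatchRecord("vpn-01",   "CVE-2018-13379", date(2018, 5, 24),  None),
    PatchRecord("confl-01", "CVE-2021-26084", date(2021, 8, 25),  date(2021, 9, 1)),
]


def exposure_days(rec: PatchRecord, as_of: date) -> int:
    """Days the host was (or still is) exposed: disclosure until patch, or until as_of."""
    end = rec.patched if rec.patched is not None else as_of
    return (end - rec.disclosed).days


def triage(records: List[PatchRecord], as_of: date) -> List[Tuple[str, str, int, str]]:
    """Return (host, cve, days_exposed, status) for every record exposed beyond
    POC_WINDOW, worst first. status is 'unpatched' if no patch date is recorded,
    otherwise 'late' (patched, but only after the window closed)."""
    findings = []
    for rec in records:
        days = exposure_days(rec, as_of)
        if timedelta(days=days) <= POC_WINDOW:
            continue  # patched inside the window: nothing to report
        status = "unpatched" if rec.patched is None else "late"
        findings.append((rec.host, rec.cve, days, status))
    # Still-unpatched hosts accumulate exposure daily, so sorting by days puts them first.
    findings.sort(key=lambda f: f[2], reverse=True)
    return findings


if __name__ == "__main__":
    for host, cve, days, status in triage(SAMPLE_RECORDS, AS_OF):
        print(f"{host:10} {cve:15} {days:5d} days  {status}")
```

In a real deployment the inventory would come from the centralized patch-management system the advisory recommends; the only inputs the triage needs are a disclosure date per CVE and a patch date per host, and the "unpatched" rows are the ones to escalate first because their exposure is still growing.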