Log4Shell (CVE-2021-44228), ProxyShell (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207), ProxyLogon (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065), ZeroLogon (CVE-2020-1472), and flaws in Zoho ManageEngine AD SelfService Plus (CVE-2021-40539), Atlassian Confluence (CVE-2021-26084), and VMware vSphere Client (CVE-2021-21972) emerged as some of the most heavily exploited security vulnerabilities in 2021.
That's according to a "Top Routinely Exploited Vulnerabilities" report released by cybersecurity authorities from the Five Eyes nations: Australia, Canada, New Zealand, the U.K., and the U.S.
Other frequently weaponized flaws included a remote code execution bug in Microsoft Exchange Server (CVE-2020-0688), an arbitrary file read vulnerability in Pulse Secure Pulse Connect Secure (CVE-2019-11510), and a path traversal defect in Fortinet FortiOS and FortiProxy (CVE-2018-13379).
Nine of the top 15 routinely exploited flaws were remote code execution vulnerabilities, followed by two privilege escalation weaknesses, and one each of security feature bypass, arbitrary code execution, arbitrary file read, and path traversal flaws.
“Globally, in 2021, malicious cyber actors targeted internet-facing systems, such as email servers and virtual private network (VPN) servers, with exploits of newly disclosed vulnerabilities,” the agencies said in a joint advisory.
“For most of the top exploited vulnerabilities, researchers or other actors released proof of concept (PoC) code within two weeks of the vulnerability’s disclosure, likely facilitating exploitation by a broader range of malicious actors.”
To mitigate the risk of exploitation of publicly known software vulnerabilities, the agencies recommend that organizations apply patches in a timely fashion and implement a centralized patch management system.