October 4, 2023

CISA has published the list of 2021’s top 15 most exploited software vulnerabilities. This joint Cybersecurity Advisory (CSA) was co-authored by cybersecurity agencies of the United States, Australia, Canada, New Zealand, and the United Kingdom: The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NZ NCSC), and United Kingdom’s National Cyber Security Centre (NCSC-UK). This advisory also includes other frequently exploited vulnerabilities.

Globally, in 2021, malicious cyber actors targeted internet-facing systems, such as email servers and virtual private network (VPN) servers, with exploits of newly disclosed vulnerabilities. For most of the top exploited vulnerabilities, researchers or other actors released proof of concept (POC) code within two weeks of the vulnerability’s disclosure, likely facilitating exploitation by a broader range of malicious actors.

CISA Statement

The list includes CVE-2021-21972 affecting VMware vSphere Client, CVE-2021-26084 in Atlassian Confluence, CVE-2021-40539 in Zoho ManageEngine AD SelfService Plus, CVE-2018-13379 in Fortinet FortiOS and FortiProxy, CVE-2019-11510 in Pulse Secure Pulse Connect Secure, Log4Shell, ProxyLogon, ProxyShell, and ZeroLogon.

| CVE | Vulnerability Name | Vendor and Product | Type |
|---|---|---|---|
| CVE-2021-44228 | Log4Shell | Apache Log4j | RCE |
| CVE-2021-40539 | | Zoho ManageEngine AD SelfService Plus | RCE |
| CVE-2021-34523 | ProxyShell | Microsoft Exchange Server | Elevation of privilege |
| CVE-2021-34473 | ProxyShell | Microsoft Exchange Server | RCE |
| CVE-2021-31207 | ProxyShell | Microsoft Exchange Server | Security feature bypass |
| CVE-2021-27065 | ProxyLogon | Microsoft Exchange Server | RCE |
| CVE-2021-26858 | ProxyLogon | Microsoft Exchange Server | RCE |
| CVE-2021-26857 | ProxyLogon | Microsoft Exchange Server | RCE |
| CVE-2021-26855 | ProxyLogon | Microsoft Exchange Server | RCE |
| CVE-2021-26084 | | Atlassian Confluence Server and Data Center | Arbitrary code execution |
| CVE-2021-21972 | | VMware vSphere Client | RCE |
| CVE-2020-1472 | ZeroLogon | Microsoft Netlogon Remote Protocol (MS-NRPC) | Elevation of privilege |
| CVE-2020-0688 | | Microsoft Exchange Server | RCE |
| CVE-2019-11510 | | Pulse Secure Pulse Connect Secure | Arbitrary file reading |
| CVE-2018-13379 | | Fortinet FortiOS and FortiProxy | Path traversal |

In addition to the 15 vulnerabilities listed in the table above, the U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities identified the vulnerabilities listed below, which were also routinely exploited by malicious cyber actors in 2021.


2021 Top Exploits

These include multiple vulnerabilities affecting internet-facing systems such as Accellion File Transfer Appliance (FTA), Windows Print Spooler, and Pulse Secure Pulse Connect Secure. Three of them were also routinely exploited in 2020: CVE-2019-19781, CVE-2019-18935, and CVE-2017-11882.

| CVE | Vendor and Product | Type |
|---|---|---|
| CVE-2021-42237 | Sitecore XP | RCE |
| CVE-2021-35464 | ForgeRock OpenAM server | RCE |
| CVE-2021-27104 | Accellion FTA | OS command execution |
| CVE-2021-27103 | Accellion FTA | Server-side request forgery |
| CVE-2021-27102 | Accellion FTA | OS command execution |
| CVE-2021-27101 | Accellion FTA | SQL injection |
| CVE-2021-21985 | VMware vCenter Server | RCE |
| CVE-2021-20038 | SonicWall Secure Mobile Access (SMA) | RCE |
| CVE-2021-40444 | Microsoft MSHTML | RCE |
| CVE-2021-34527 | Microsoft Windows Print Spooler | RCE |
| CVE-2021-3156 | Sudo | Privilege escalation |
| CVE-2021-27852 | Checkbox Survey | Remote arbitrary code execution |
| CVE-2021-22893 | Pulse Secure Pulse Connect Secure | Remote arbitrary code execution |
| CVE-2021-20016 | SonicWall SSLVPN SMA100 | Improper SQL command neutralization, allowing for credential access |
| CVE-2021-1675 | Windows Print Spooler | RCE |
| CVE-2020-2509 | QNAP QTS and QuTS hero | Remote arbitrary code execution |
| CVE-2019-19781 | Citrix Application Delivery Controller (ADC) and Gateway | Arbitrary code execution |
| CVE-2019-18935 | Progress Telerik UI for ASP.NET AJAX | Code execution |
| CVE-2018-0171 | Cisco IOS Software and IOS XE Software | Remote arbitrary code execution |
| CVE-2017-11882 | Microsoft Office | RCE |
| CVE-2017-0199 | Microsoft Office | RCE |

Vulnerability management, identity and access management (IAM), and proactive controls such as network segmentation, application whitelisting, and endpoint detection and response (EDR) are suggested as mitigation controls.
