
In a joint cybersecurity advisory, security agencies across the world have identified the most exploited vulnerabilities of 2023. This advisory, coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), FBI, NSA, Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), and other national cybersecurity teams, highlights the critical CVEs (Common Vulnerabilities and Exposures) frequently targeted by malicious actors.
As the advisory notes, in 2023 threat actors exploited a greater number of zero-day vulnerabilities than in 2022, enabling them to conduct sophisticated operations against high-value targets.
The advisory lists the 15 most exploited vulnerabilities, revealing patterns in the types of systems and software that are most frequently targeted. Here are the vulnerabilities:
| CVE | Vendor | Product(s) | Vulnerability Type |
| --- | --- | --- | --- |
| CVE-2023-3519 | Citrix | NetScaler ADC & NetScaler Gateway | Code Injection |
| CVE-2023-4966 | Citrix | NetScaler ADC & NetScaler Gateway | Buffer Overflow |
| CVE-2023-20198 | Cisco | IOS XE Web UI | Privilege Escalation |
| CVE-2023-20273 | Cisco | IOS XE | Web UI Command Injection |
| CVE-2023-27997 | Fortinet | FortiOS & FortiProxy SSL-VPN | Heap-Based Buffer Overflow |
| CVE-2023-34362 | Progress | MOVEit Transfer | SQL Injection |
| CVE-2023-22515 | Atlassian | Confluence Data Center and Server | Broken Access Control |
| CVE-2021-44228 | Apache | Log4j2 | Remote Code Execution (RCE) |
| CVE-2023-2868 | Barracuda Networks | ESG Appliance | Improper Input Validation |
| CVE-2022-47966 | Zoho | ManageEngine Multiple Products | Remote Code Execution |
| CVE-2023-27350 | PaperCut | MF/NG | Improper Access Control |
| CVE-2020-1472 | Microsoft | Netlogon | Privilege Escalation |
| CVE-2023-42793 | JetBrains | TeamCity | Authentication Bypass |
| CVE-2023-23397 | Microsoft | Office Outlook | Privilege Escalation |
| CVE-2023-49103 | ownCloud | graphapi | Information Disclosure |


