Cybersecurity agencies of the Five Eyes alliance publish list of the 15 most dangerous vulnerabilities. Patch them no matter what

In a joint statement, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the cybersecurity agencies of Canada, the United Kingdom, New Zealand and Australia published a list of the 15 CVE vulnerabilities most exploited by hackers during 2021 according to their most recent records.

This intelligence alliance, known as Five Eyes, ensures that the cyberattacks analyzed during the past year focused especially on critical infrastructure in various sectors, including public and private organizations around the world.

Among the most frequent targets of threat actors are Internet-oriented systems, such as email servers and VPN servers, employing exploits related to newly revealed vulnerabilities. For most of the major vulnerabilities fixed, researchers typically publish proof-of-concept (PoC) codes, although sometimes this makes the job of cybercriminals easier.

The table below shows the 15 most exploited vulnerabilities according to the Five Eyes report:

  • CVE-2021-44228: Remote Code Execution (RCE) in Apache Log4j (Log4Shell)
  • CVE-2021-40539: RCE in Zoho ManageEngine AD SelfService Plus
  • CVE-2021-34523: Privilege escalation in Microsoft Exchange Server (ProxyShell)
  • CVE-2021-34473: RCE on Microsoft Exchange Server (ProxyShell)
  • CVE-2021-31207: Security Evasion in Microsoft Exchange Server (ProxyShell)
  • CVE-2021-27065: RCE on Microsoft Exchange Server (ProxyLogon)
  • CVE-2021-26858:RCE on Microsoft Exchange Server (ProxyLogon)
  • CVE-2021-26857: RCE on Microsoft Exchange Server (ProxyLogon)
  • CVE-2021-26855: RCE on Microsoft Exchange Server (ProxyLogon)
  • CVE-2021-26084: Arbitrary code execution in Atlassian Confluence Server and Data Center
  • CVE-2021-21972: RCE in VMware vSphere Client
  • CVE-2020-1472: Privilege escalation in Microsoft NRPC (ZeroLogon)
  • CVE-2020-0688: RCE on Microsoft Exchange Server
  • CVE-2019-11510: Reading arbitrary files in Pulse Secure Pulse Connect Secure
  • CVE-2018-13379: Error path traversal in Fortinet FortiOS

 These flaws became critical security threats to public and private organizations around the world due to their ease of exploitation, availability of exploits and malicious potential, even continuing to generate some risk scenarios. Given this, CISA and the other agencies that collaborated in the report have proposed a series of measures to mitigate this risk, which include:

  • Use of a centralized patch management system
  • Replacement of software that has reached the end of its useful life and no longer receives updates
  • For organizations that cannot perform quick scans and patches, it is recommended to move these services to cloud service providers with the capacity for the correct administration of these procedures

More details are available in the full CISA report.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.