CISA, FBI, and NSA published the list of 12 most exploited vulnerabilities of 2022

CISA, the FBI, and NSA, along with Five Eyes cybersecurity agencies published a list of the 12 most exploited vulnerabilities of 2022.

CISA, the NSA, and the FBI, in collaboration with cybersecurity authorities from Australia, Canada, New Zealand, and the United Kingdom, have published a list of the 12 most exploited vulnerabilities of 2022.

Knowing which 12 vulnerabilities were most exploited in 2022 allows organizations to prioritize their patch management and reduce their attack surface.

“This advisory provides details on the Common Vulnerabilities and Exposures (CVEs) routinely and frequently exploited by malicious cyber actors in 2022 and the associated Common Weakness Enumeration(s) (CWE),” reads the advisory published by the US agencies.

“The authoring agencies strongly encourage vendors, designers, developers, and end-user organizations to implement the recommendations found within the Mitigations section of this advisory to reduce the risk of compromise by malicious cyber actors.”

Government experts warn that in 2022, most of the exploited flaws were older software vulnerabilities and that threat actors targeted unpatched, internet-facing systems.

The availability of proof-of-concept (PoC) code for many of the vulnerabilities in the list makes it easy for threat actors to exploit these issues and carry out a broad range of malicious activities.

According to the advisory, threat actors generally have the most success exploiting known vulnerabilities within the first two years of public disclosure.

Below is the list of the 12 most exploited vulnerabilities of 2022:

| CVE | Vendor | Product | Type | CWE |
|---|---|---|---|---|
| CVE-2018-13379 | Fortinet | FortiOS and FortiProxy SSL VPN | Credential exposure | CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) |
| CVE-2021-34473 (ProxyShell) | Microsoft | Exchange Server | RCE | CWE-918 Server-Side Request Forgery (SSRF) |
| CVE-2021-31207 (ProxyShell) | Microsoft | Exchange Server | Security Feature Bypass | CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) |
| CVE-2021-34523 (ProxyShell) | Microsoft | Exchange Server | Elevation of Privilege | CWE-287 Improper Authentication |
| CVE-2021-40539 | Zoho ManageEngine | ADSelfService Plus | RCE/Authentication Bypass | CWE-287 Improper Authentication |
| CVE-2021-26084 | Atlassian | Confluence Server and Data Center | Arbitrary code execution | CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) |
| CVE-2021-44228 (Log4Shell) | Apache | Log4j2 | RCE | CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement (‘Expression Language Injection’); CWE-20 Improper Input Validation; CWE-400 Uncontrolled Resource Consumption; CWE-502 Deserialization of Untrusted Data |
| CVE-2022-22954 | VMware | Workspace ONE Access and Identity Manager | RCE | CWE-94 Improper Control of Generation of Code (‘Code Injection’) |
| CVE-2022-22960 | VMware | Workspace ONE Access, Identity Manager, and vRealize Automation | Improper Privilege Management | CWE-269 Improper Privilege Management |
| CVE-2022-1388 | F5 Networks | BIG-IP | Missing Authentication Vulnerability | CWE-306 Missing Authentication for Critical Function |
| CVE-2022-30190 | Microsoft | Multiple Products | RCE | None Listed |
| CVE-2022-26134 | Atlassian | Confluence Server and Data Center | RCE | CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) |

The most exploited vulnerability in 2022 was a flaw in Fortinet SSL VPN tracked as CVE-2018-13379. The vulnerability was exploited by multiple threat actors [1, 2, 3, 4, 5], including Russia-linked APT groups that targeted critical infrastructure.

The advisory also lists 30 additional vulnerabilities that were routinely exploited in 2022.

The advisory also provides mitigations for vendors and developers.

Pierluigi Paganini

The post CISA, FBI, and NSA published the list of 12 most exploited vulnerabilities of 2022 appeared first on Security Affairs.
