
Top Exploited Vulnerabilities of 2020 and 2021

A Joint Cybersecurity Advisory (JCA), coauthored by the US Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the UK’s National Cyber Security Centre (NCSC), and the FBI, has found that, in 2020, cyber actors readily exploited disclosed vulnerabilities - the majority of which were disclosed during the past two years - to compromise unpatched systems.

Four of the most targeted vulnerabilities affected remote work, VPNs, or cloud-based technologies, more than likely because of the volume of 'out of office' work brought about by COVID.

CISA, ACSC, NCSC, and FBI consider the following vulnerabilities to be the CVEs most regularly exploited by cyber actors during 2020:

Citrix - CVE-2019-19781 - arbitrary code execution

Pulse - CVE-2019-11510 - arbitrary file reading

Fortinet - CVE-2018-13379 - path traversal

F5 BIG-IP - CVE-2020-5902 - remote code execution (RCE)

MobileIron - CVE-2020-15505 - RCE

Microsoft - CVE-2017-11882 - RCE

Atlassian - CVE-2019-11580 - RCE

Drupal - CVE-2018-7600 - RCE

Telerik - CVE-2019-18935 - RCE

Microsoft - CVE-2019-0604 - RCE

Microsoft - CVE-2020-0787 - elevation of privilege

Netlogon - CVE-2020-1472 - elevation of privilege

In 2021, cyber actors have continued targeting vulnerabilities in perimeter-type devices. The JCA states that priority should be given to patching the following CVEs, which are known to be exploited ...

Microsoft Exchange:

CVE-2021-26855

CVE-2021-26857

CVE-2021-26858

CVE-2021-27065

Pulse Secure:

CVE-2021-22893

CVE-2021-22894

CVE-2021-22899

CVE-2021-22900

Accellion:

CVE-2021-27101

CVE-2021-27102

CVE-2021-27103

CVE-2021-27104

VMware:

CVE-2021-21985

Fortinet:

CVE-2018-13379

CVE-2020-12812

CVE-2019-5591

The JCA advises that updating software versions once patches are available is the best way to mitigate many vulnerabilities. However, it states that if this isn't possible, "consider applying temporary workarounds or other mitigations, if provided by the vendor ... to further assist remediation, automatic software updates should be enabled whenever possible."

Businesses often use multiple software products, and keeping track of all the vendors and their updates can be time-consuming and lead to missed alerts, which in turn leaves them at risk. Automated software updates are one way of preventing this.

Bad actors ply their trade in many ways, and using software vulnerabilities to access computers and their networks is one of them. Making sure your software is up to date is one way to ensure the safety of your business.