2023’s Most Exploited Vulnerabilities: A Global Cybersecurity Advisory

In a joint cybersecurity advisory, the top cybersecurity agencies from the United States, Australia, Canada, New Zealand, and the United Kingdom have identified the most exploited vulnerabilities of 2023. This advisory, coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), FBI, NSA, Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), and other national cybersecurity teams, highlights the critical CVEs (Common Vulnerabilities and Exposures) frequently targeted by malicious actors.

In 2023, malicious cyber actors exploited a greater number of zero-day vulnerabilities compared to 2022, enabling them to conduct sophisticated operations against high-value targets. The advisory notes that “in 2023, the majority of the most frequently exploited vulnerabilities were initially exploited as a zero-day.”

The advisory lists the 15 most exploited vulnerabilities, revealing patterns in the types of systems and software that are most frequently targeted. Here are the vulnerabilities:

| CVE | Vendor | Product(s) | Vulnerability Type | CWE |
|---|---|---|---|---|
| CVE-2023-3519 | Citrix | NetScaler ADC, NetScaler Gateway | Code Injection | CWE-94: Improper Control of Generation of Code (‘Code Injection’) |
| CVE-2023-4966 | Citrix | NetScaler ADC, NetScaler Gateway | Buffer Overflow | CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer |
| CVE-2023-20198 | Cisco | IOS XE Web UI | Privilege Escalation | CWE-420: Unprotected Alternate Channel |
| CVE-2023-20273 | Cisco | IOS XE Web UI | Command Injection | CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) |
| CVE-2023-27997 | Fortinet | FortiOS, FortiProxy SSL-VPN | Heap-Based Buffer Overflow | CWE-787: Out-of-bounds Write; CWE-122: Heap-based Buffer Overflow |
| CVE-2023-34362 | Progress | MOVEit Transfer | SQL Injection | CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) |
| CVE-2023-22515 | Atlassian | Confluence Data Center and Server | Broken Access Control | CWE-20: Improper Input Validation |
| CVE-2021-44228 (Log4Shell) | Apache | Log4j2 | Remote Code Execution (RCE) | CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement (‘Expression Language Injection’); CWE-502: Deserialization of Untrusted Data; CWE-20: Improper Input Validation; CWE-400: Uncontrolled Resource Consumption |
| CVE-2023-2868 | Barracuda Networks | ESG Appliance | Improper Input Validation | CWE-77: Improper Neutralization of Special Elements used in a Command (‘Command Injection’); CWE-20: Improper Input Validation |
| CVE-2022-47966 | Zoho | ManageEngine Multiple Products | Remote Code Execution | CWE-20: Improper Input Validation |
| CVE-2023-27350 | PaperCut | MF/NG | Improper Access Control | CWE-284: Improper Access Control |
| CVE-2020-1472 | Microsoft | Netlogon | Privilege Escalation | CWE-330: Use of Insufficiently Random Values |
| CVE-2023-42793 | JetBrains | TeamCity | Authentication Bypass | CWE-288: Authentication Bypass Using an Alternate Path or Channel |
| CVE-2023-23397 | Microsoft | Office Outlook | Privilege Escalation | CWE-294: Authentication Bypass by Capture-replay; CWE-20: Improper Input Validation |
| CVE-2023-49103 | ownCloud | graphapi | Information Disclosure | CWE-200: Exposure of Sensitive Information to an Unauthorized Actor |

The advisory emphasizes that global collaboration is essential to counteract the growing threat of zero-day exploits. Key recommendations include:

  • Adopting security-centered development lifecycles: Developers are encouraged to integrate threat modeling and testing throughout the product lifecycle to reduce vulnerabilities.
  • Encouraging responsible vulnerability disclosure: Bug bounty programs and other incentives can help limit zero-day exploitation by encouraging researchers to report vulnerabilities rather than leaving them unpatched.
  • Utilizing advanced endpoint detection and response (EDR) tools: EDR solutions play a vital role in detecting suspicious activity and have been instrumental in identifying at least three of the top 15 zero-day vulnerabilities from last year.