Cybersecurity Agencies Reveal the Top Exploited Vulnerabilities of 2021

U.S. cybersecurity agencies joined their counterparts around the globe to urge organizations to address the top 15 vulnerabilities exploited in 2021.

Topping the list were the Log4Shell vulnerability and Microsoft bugs ProxyShell and ProxyLogon. Microsoft occupied more than half the list, with Exchange Server accounting for eight of the vulnerabilities. VMware, Atlassian, Pulse Secure and Fortinet rounded out the list.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), NSA and FBI joined their “Five Eyes” counterparts in issuing the alert: the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NZ NCSC), and the UK’s National Cyber Security Centre (NCSC UK).

The advisory entails the top 15 Common Vulnerabilities and Exposures (CVEs) that were routinely exploited by malicious cyber actors in 2021, plus another 21 frequently exploited CVEs. The cybersecurity authorities urged organizations to immediately apply timely patches to their systems and implement a centralized patch management system in order to reduce their attack surface.

Also read: Best Patch Management Software & Tools

Web-Facing Systems at Risk

Malicious actors tend to focus on internet-facing systems to gain entry into a network, such as email and virtual private network (VPN) servers, using exploits targeting newly disclosed vulnerabilities.

“U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities assess, in 2021, malicious cyber actors aggressively targeted newly disclosed critical software vulnerabilities against broad target sets, including public and private sector organizations worldwide,” said the advisory.

It could be because of the malicious actors and security researchers releasing proof of concept (POC) exploits within two weeks of the initial disclosure of most of the top exploited bugs in 2021. However, some of the attacks were focused on older vulnerabilities patched years before, indicating that some organizations fail to update their systems even if they detect a patch.

See the Top Secure Email Gateways

Top 15 Routinely Exploited Vulnerabilities

The table below shows the top 15 vulnerabilities observed by the US, Australian, Canadian, New Zealand, and UK cybersecurity authorities, linked to National Vulnerability Database entries and associated malware.

CVE Vulnerability Vendor and Product Type
CVE-2021-44228 Log4Shell Apache Log4j Remote code execution (RCE)
CVE-2021-40539   Zoho ManageEngine AD SelfService Plus RCE
CVE-2021-34523 ProxyShell Microsoft Exchange Server (MES) Elevation of privilege
CVE-2021-34473 ProxyShell MES RCE
CVE-2021-31207 ProxyShell MES Security feature bypass
CVE-2021-27065 ProxyLogon MES RCE
CVE-2021-26858 ProxyLogon MES RCE
CVE-2021-26857 ProxyLogon MES RCE
CVE-2021-26855 ProxyLogon MES RCE
CVE-2021-26084

 

  Atlassian Confluence Server and Data Center Arbitrary code execution
CVE-2021-21972   VMware vSphere Client RCE
CVE-2020-1472 ZeroLogon Microsoft Netlogon Remote Protocol (MS-NRPC) Elevation of privilege
CVE-2020-0688   MES RCE
CVE-2019-11510   Pulse Secure Pulse Connect Secure Arbitrary file reading
CVE-2018-13379   Fortinet FortiOS and FortiProxy Path traversal

Other Routinely Exploited Vulnerabilities

In addition to the 15 vulnerabilities listed in the table above, the alert also listed 21 additional security vulnerabilities identified by the cybersecurity agencies that were routinely exploited by malicious cyber actors in 2021.

It includes multiple vulnerabilities that affect internet-facing systems, including Accellion File Transfer Appliance (FTA), Pulse Secure Pulse Connect Secure, and Windows Print Spooler. Three of these vulnerabilities — CVE-2019-19781, CVE-2019-18935, and CVE-2017-11882 — were also routinely exploited in 2020.

CVE Vendor and Product Type
CVE-2021-42237 Sitecore XP RCE
CVE-2021-35464 ForgeRock OpenAM server RCE
CVE-2021-27104 Accellion FTA OS command execution
CVE-2021-27103 Accellion FTA Server-side request forgery
CVE-2021-27102 Accellion FTA OS command execution
CVE-2021-27101 Accellion FTA SQL injection
CVE-2021-21985 VMware vCenter Server RCE
CVE-2021-20038 SonicWall Secure Mobile Access (SMA) RCE
CVE-2021-40444 Microsoft MSHTML RCE
CVE-2021-34527 Microsoft Windows Print Spooler RCE
CVE-2021-3156 Sudo Privilege escalation
CVE-2021-27852 Checkbox Survey Remote arbitrary code execution
CVE-2021-22893 Pulse Secure Pulse Connect Secure Remote arbitrary code execution
CVE-2021-20016 SonicWall SSLVPN SMA100 Improper SQL command neutralization, allowing for credential access
CVE-2021-1675 Windows Print Spooler RCE
CVE-2020-2509 QNAP QTS and QuTS hero Remote arbitrary code execution
CVE-2019-19781 Citrix Application Delivery Controller (ADC) and Gateway Arbitrary code execution
CVE-2019-18935 Progress Telerik UI for ASP.NET AJAX Code execution
CVE-2018-0171 Cisco IOS Software and IOS XE Software Remote arbitrary code execution
CVE-2017-11882 Microsoft Office RCE
CVE-2017-0199 Microsoft Office RCE

Mitigation Measures

The advisory also includes some mitigation measures to reduce the risk associated with the most abused flaws detailed above. It suggests that companies should use a centralized patch management system while regularly updating their software, applications, operating systems, and firmware on IT network assets. They should also enforce multifactor authentication (MFA) for all users, without exception, and must review, validate, or remove privileged accounts in a timely manner (annually at a minimum).

Read next: Best Privileged Access Management (PAM) Software

Sunny Yadav
Sunny is a creative individual who enjoys simplifying tech concepts for the modern reader. He brings 5+ years of experience working with global tech companies related to AI, ML, cybersecurity, big data, IoT, etc. With his natural flair for writing, Sunny also brings the editorial eye to the table, making him a great addition to TechnologyAdvice's contributor list.

Top Products

Related articles