When a vendor or security researcher discloses a vulnerability in an IT product, organizations should be quick to apply the patch or implement a secure workaround to protect networks from bad actors that are quick to exploit that vulnerability.
When those vulnerabilities are in widely used products from popular vendors like Citrix, Pulse, Microsoft and Fortinet, updating and applying the patch is even more critical as vulnerabilities in products from those vendors were among the most exploited in 2020, according to new findings from an international group of federal agencies.
In a new advisory, the U.S. Cybersecurity and Infrastructure Agency (CISA), the U.S. Federal Bureau of Investigation, the Australian Cyber Security Centre and the U.K. National Cybersecurity Center listed the most targeted vulnerabilities of 2020.
According to the agencies, cloud-based solutions, VPNs and other remote work technologies accounted for the four most targeted vulnerabilities last year. The growth of remote work made VPN gateway devices harder to take offline and patch, so many of them remained unpatched.
A vulnerability in Citrix Application Delivery Controller and Gateway versions 10.5, 11.1, 12.0, 12.1 and 13 was the most exploited vulnerability last year, the agencies said. The flaw is an arbitrary code execution vulnerability that allows an attacker to take control of an affected system.
“Nation-state and criminal cyber actors most likely favor using this vulnerability because it is easy to exploit, Citrix servers are widespread, and exploitation enables the actors to perform unauthorized RCE on a target system,” the agencies said.
Coupled with an arbitrary file reading vulnerability in Pulse Connect Secure VPN, the two vulnerabilities were among the most targeted by nation-state hackers, and they are still being exploited, the agencies say.
Others singled out include a path traversal flaw in Fortinet FortiOS and remote code execution vulnerabilities in MobileIron Core & Connector and F5 BIG-IP.
For a look at the top 12 most exploited vulnerabilities from 2020, check out the table from CISA below:

| Vendor | CVE | Type |
| --- | --- | --- |
| Citrix | CVE-2019-19781 | arbitrary code execution |
| Pulse | CVE-2019-11510 | arbitrary file reading |
| Fortinet | CVE-2018-13379 | path traversal |
| F5 BIG-IP | CVE-2020-5902 | remote code execution (RCE) |
| MobileIron | CVE-2020-15505 | RCE |
| Microsoft | CVE-2017-11882 | RCE |
| Atlassian | CVE-2019-11580 | RCE |
| Drupal | CVE-2018-7600 | RCE |
| Telerik | CVE-2019-18935 | RCE |
| Microsoft | CVE-2019-0604 | RCE |
| Microsoft | CVE-2020-0787 | elevation of privilege |
| Netlogon | CVE-2020-1472 | elevation of privilege |
Like 2020, 2021 has also been a busy year for IT and cybersecurity professionals when it comes to patch management, as more critical vulnerabilities have been disclosed.
The agencies singled out several vulnerabilities in Microsoft Exchange (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065), Pulse Secure (CVE-2021-22893, CVE-2021-22894, CVE-2021-22899 and CVE-2021-22900), Accellion (CVE-2021-27101, CVE-2021-27102, CVE-2021-27103 and CVE-2021-27104), VMware (CVE-2021-21985) and Fortinet (CVE-2018-13379, CVE-2020-12812 and CVE-2019-5591).
If you use any of those products, make sure they are all upgraded to the latest versions with fixes for those security issues.