top exploited vulnerabilities in 2021

Cybersecurity authorities around the world have released a list of the top 15 vulnerabilities regularly exploited by threat actors in 2021, in collaboration with the NSA and the FBI.

In a joint alert, the cybersecurity authorities recommended enterprises to patch these security holes as soon as possible and adopt patch management systems to decrease their attack surface.

Malicious actors have been spotted targeting internet-facing systems, such as email and virtual private network (VPN) servers, employing exploits targeting recently reported vulnerabilities all around the world.

According to the advisory, “malicious cyber actors aggressively targeted newly disclosed critical software vulnerabilities against broad target sets, including public and private sector organisations worldwide” in 2021, according to the US, Australian, Canadian, New Zealand, and UK cybersecurity authorities.

This could be attributed to malicious actors and security researchers publishing proof of concept (POC) vulnerabilities for most of the top exploited issues in 2021 within two weeks of their original disclosure.

However, some attackers targeted older vulnerabilities that had been patched years ago, indicating that some firms refuse to upgrade their systems even when a patch is available.

The top 15 most exploited security issues are listed here, along with links to the National Vulnerability Database entries and malware linked with them.

CVEVulnerabilityVendor and ProductType
CVE-2021-44228Log4ShellApache Log4jRemote code execution (RCE)
CVE-2021-40539 Zoho ManageEngine AD SelfService PlusRCE
CVE-2021-34523ProxyShellMicrosoft Exchange ServerElevation of privilege
CVE-2021-34473ProxyShellMicrosoft Exchange ServerRCE
CVE-2021-31207ProxyShellMicrosoft Exchange ServerSecurity feature bypass
CVE-2021-27065ProxyLogonMicrosoft Exchange ServerRCE
CVE-2021-26858ProxyLogonMicrosoft Exchange ServerRCE
CVE-2021-26857ProxyLogonMicrosoft Exchange ServerRCE
CVE-2021-26855ProxyLogonMicrosoft Exchange ServerRCE
 Atlassian Confluence Server and Data CenterArbitrary code execution
CVE-2021-21972 VMware vSphere ClientRCE
CVE-2020-1472ZeroLogonMicrosoft Netlogon Remote Protocol (MS-NRPC)Elevation of privilege
CVE-2020-0688 Microsoft Exchange ServerRCE
CVE-2019-11510 Pulse Secure Pulse Connect SecureArbitrary file reading
CVE-2018-13379 Fortinet FortiOS and FortiProxyPath traversal

Mitigation and additional exploitation info

The cybersecurity agencies of the United States, Australia, Canada, New Zealand, and the United Kingdom have also identified and revealed 21 additional security vulnerabilities that bad cyber actors are likely to exploit in 2021, including ones that affect the Accellion File Transfer Appliance (FTA), Windows Print Spooler, and Pulse Secure Pulse Connect Secure.

Mitigation steps are included in the joint recommendation, which should help reduce the risk associated with the topmost misused defects listed above.

In partnership with the Australian Cyber Security Centre (ACSC) and the United Kingdom’s National Cyber Security Centre, CISA and the FBI also released a list of the top 10 most exploited security defects from 2016 to 2019 and a list of commonly exploited bugs in 2020. (NCSC).

MITRE also released a list of the most hazardous programming, design, and architecture security defects impacting hardware in 2021, as well as the top 25 most prevalent and dangerous software flaws during the preceding two years, in November 2021.