CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
100.0%
This joint Cybersecurity Advisory (CSA) was coauthored by cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom: the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NZ NCSC), and United Kingdom’s National Cyber Security Centre (NCSC-UK). This advisory provides details on the top 15 Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2021, as well as other CVEs frequently exploited.
U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities assess that, in 2021, malicious cyber actors aggressively targeted newly disclosed critical software vulnerabilities against broad target sets, including public and private sector organizations worldwide. To a lesser extent, malicious cyber actors continued to exploit publicly known, dated software vulnerabilities across a broad spectrum of targets.
The cybersecurity authorities encourage organizations to apply the recommendations in the Mitigations section of this CSA. These mitigations include applying timely patches to systems and implementing a centralized patch management system to reduce the risk of compromise by malicious cyber actors.
Download the Joint Cybersecurity Advisory: 2021 top Routinely Exploited Vulnerabilities (pdf, 777kb).
Globally, in 2021, malicious cyber actors targeted internet-facing systems, such as email servers and virtual private network (VPN) servers, with exploits of newly disclosed vulnerabilities. For most of the top exploited vulnerabilities, researchers or other actors released proof of concept (POC) code within two weeks of the vulnerability’s disclosure, likely facilitating exploitation by a broader range of malicious actors.
To a lesser extent, malicious cyber actors continued to exploit publicly known, dated software vulnerabilities—some of which were also routinely exploited in 2020 or earlier. The exploitation of older vulnerabilities demonstrates the continued risk to organizations that fail to patch software in a timely manner or are using software that is no longer supported by a vendor.
Table 1 shows the top 15 vulnerabilities U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities observed malicious actors routinely exploiting in 2021, which include:
Three of the top 15 routinely exploited vulnerabilities were also routinely exploited in 2020: CVE-2020-1472, CVE-2018-13379, and CVE-2019-11510. Their continued exploitation indicates that many organizations fail to patch software in a timely manner and remain vulnerable to malicious cyber actors.
Table 1: Top 15 Routinely Exploited Vulnerabilities in 2021
CVE | Vulnerability Name | Vendor and Product | Type |
---|---|---|---|
CVE-2021-44228 | Log4Shell | Apache Log4j | Remote code execution (RCE) |
CVE-2021-40539 | | Zoho ManageEngine AD SelfService Plus | RCE |
CVE-2021-34523 | ProxyShell | Microsoft Exchange Server | Elevation of privilege |
CVE-2021-34473 | ProxyShell | Microsoft Exchange Server | RCE |
CVE-2021-31207 | ProxyShell | Microsoft Exchange Server | Security feature bypass |
CVE-2021-27065 | ProxyLogon | Microsoft Exchange Server | RCE |
CVE-2021-26858 | ProxyLogon | Microsoft Exchange Server | RCE |
CVE-2021-26857 | ProxyLogon | Microsoft Exchange Server | RCE |
CVE-2021-26855 | ProxyLogon | Microsoft Exchange Server | RCE |
CVE-2021-26084 | | Atlassian Confluence Server and Data Center | Arbitrary code execution |
CVE-2021-21972 | | VMware vSphere Client | RCE |
CVE-2020-1472 | ZeroLogon | Microsoft Netlogon Remote Protocol (MS-NRPC) | Elevation of privilege |
CVE-2020-0688 | | Microsoft Exchange Server | RCE |
CVE-2019-11510 | | Pulse Secure Pulse Connect Secure | Arbitrary file reading |
CVE-2018-13379 | | Fortinet FortiOS and FortiProxy | Path traversal |
In addition to the 15 vulnerabilities listed in table 1, U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities identified vulnerabilities, listed in table 2, that were also routinely exploited by malicious cyber actors in 2021.
These vulnerabilities include multiple vulnerabilities affecting internet-facing systems, including Accellion File Transfer Appliance (FTA), Windows Print Spooler, and Pulse Secure Pulse Connect Secure. Three of these vulnerabilities were also routinely exploited in 2020: CVE-2019-19781, CVE-2019-18935, and CVE-2017-11882.
Table 2: Additional Routinely Exploited Vulnerabilities in 2021
CVE | Vendor and Product | Type |
---|---|---|
CVE-2021-42237 | Sitecore XP | RCE |
CVE-2021-35464 | ForgeRock OpenAM server | RCE |
CVE-2021-27104 | Accellion FTA | OS command execution |
CVE-2021-27103 | Accellion FTA | Server-side request forgery |
CVE-2021-27102 | Accellion FTA | OS command execution |
CVE-2021-27101 | Accellion FTA | SQL injection |
CVE-2021-21985 | VMware vCenter Server | RCE |
CVE-2021-20038 | SonicWall Secure Mobile Access (SMA) | RCE |
CVE-2021-40444 | Microsoft MSHTML | RCE |
CVE-2021-34527 | Microsoft Windows Print Spooler | RCE |
CVE-2021-3156 | Sudo | Privilege escalation |
CVE-2021-27852 | Checkbox Survey | Remote arbitrary code execution |
CVE-2021-22893 | Pulse Secure Pulse Connect Secure | Remote arbitrary code execution |
CVE-2021-20016 | SonicWall SSLVPN SMA100 | Improper SQL command neutralization, allowing for credential access |
CVE-2021-1675 | Windows Print Spooler | RCE |
CVE-2020-2509 | QNAP QTS and QuTS hero | Remote arbitrary code execution |
CVE-2019-19781 | Citrix Application Delivery Controller (ADC) and Gateway | Arbitrary code execution |
CVE-2019-18935 | Progress Telerik UI for ASP.NET AJAX | Code execution |
CVE-2018-0171 | Cisco IOS Software and IOS XE Software | Remote arbitrary code execution |
CVE-2017-11882 | Microsoft Office | RCE |
CVE-2017-0199 | Microsoft Office | RCE |
Note: see CISA Capacity Enhancement Guide – Implementing Strong Authentication and ACSC guidance on Implementing Multi-Factor Authentication for more information on hardening authentication systems.
The information in this report is being provided “as is” for informational purposes only. CISA, the FBI, NSA, ACSC, CCCS, NZ NCSC, and NCSC-UK do not endorse any commercial product or service, including any subjects of analysis. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring.
This document was developed by U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities in furtherance of their respective cybersecurity missions, including their responsibilities to develop and issue cybersecurity specifications and mitigations.
CVE | Vendor | Affected Products | Patch Information | Resources |
---|---|---|---|---|
CVE-2021-42237 | Sitecore | Sitecore XP 7.5.0 - Sitecore XP 7.5.2 Sitecore XP 8.0.0 - Sitecore XP 8.2.7 | Sitecore Security Bulletin SC2021-003-499266 | ACSC Alert Active Exploitation of vulnerable Sitecore Experience Platform Content Management Systems |
CVE-2021-35464 | ForgeRock | Access Management (AM) 5.x, 6.0.0.x, 6.5.0.x, 6.5.1, 6.5.2.x and 6.5.3 OpenAM 9.x, 10.x, 11.x, 12.x and 13.x | ForgeRock AM Security Advisory #202104 | ACSC Advisory Active exploitation of ForgeRock Access Manager / OpenAM servers CCCS ForgeRock Security Advisory |
CVE-2021-27104 | Accellion | FTA 9_12_370 and earlier | Accellion Press Release: Update to Recent FTA Security Incident | Joint CSA Exploitation of Accellion File Transfer Appliance ACSC Alert Potential Accellion File Transfer Appliance compromise |
CVE-2021-27103 | Accellion | FTA 9_12_411 and earlier | | |
CVE-2021-27102 | Accellion | FTA 9_12_411 and earlier | | |
CVE-2021-27101 | Accellion | FTA 9_12_370 and earlier | | |
CVE-2021-21985 | VMware | vCenter Server 7.0, 6.7, 6.5 Cloud Foundation (vCenter Server) 4.x and 3.x | VMware Advisory VMSA-2021-0010 | CCCS VMware Security Advisory |
CVE-2021-21972 | VMware | vCenter Server 7.0, 6.7, 6.5 Cloud Foundation (vCenter Server) 4.x and 3.x | VMware Advisory VMSA-2021-0002 | ACSC Alert VMware vCenter Server plugin remote code execution vulnerability CCCS VMware Security Advisory CCCS Alert APT Actors Target U.S. and Allied Networks - Update 1 |
CVE-2021-20038 | SonicWall | SMA 100 Series (SMA 200, 210, 400, 410, 500v), versions 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv | SonicWall Security Advisory SNWLID-2021-0026 | ACSC Alert Remote code execution vulnerability present in SonicWall SMA 100 series appliances CCCS SonicWall Security Advisory |
CVE-2021-44228 | Apache | Log4j, all versions from 2.0-beta9 to 2.14.1 For other affected vendors and products, see CISA’s GitHub repository. | Log4j: Apache Log4j Security Vulnerabilities For additional information, see joint CSA: Mitigating Log4Shell and Other Log4j-Related Vulnerabilities | CISA webpage Apache Log4j Vulnerability Guidance CCCS Active exploitation of Apache Log4j vulnerability - Update 7 |
CVE-2021-40539 | Zoho ManageEngine | ADSelfService Plus version 6113 and prior | Zoho ManageEngine: ADSelfService Plus 6114 Security Fix Release | Joint CSA APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus CCCS Zoho Security Advisory |
CVE-2021-40444 | Microsoft | Multiple Windows products; see Microsoft Security Update Guide: MSHTML Remote Code Execution Vulnerability, CVE-2021-40444 | Microsoft Security Update Guide: MSHTML Remote Code Execution Vulnerability, CVE-2021-40444 | |
CVE-2021-34527 | Microsoft | Multiple Windows products; see Microsoft Security Update Guide: Windows Print Spooler Remote Code Execution Vulnerability, CVE-2021-34527 | Microsoft Security Update Guide: Windows Print Spooler Remote Code Execution Vulnerability, CVE-2021-34527 | Joint CSA Russian State-Sponsored Cyber Actors Gain Network Access by Exploiting Default Multifactor Authentication Protocols and “PrintNightmare” Vulnerability CCCS Alert Windows Print Spooler Vulnerability Remains Unpatched – Update 3 |
CVE-2021-34523 | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23 Microsoft Exchange Server 2016 Cumulative Updates 19 and 20 Microsoft Exchange Server 2019 Cumulative Updates 8 and 9 | Microsoft Security Update Guide: Microsoft Exchange Server Elevation of Privilege Vulnerability, CVE-2021-34523 | Joint CSA Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities ACSC Alert Microsoft Exchange ProxyShell Targeting in Australia |
CVE-2021-34473 | Microsoft | Multiple Exchange Server versions; see: Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-34473 | Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-34473 | |
CVE-2021-31207 | Microsoft | Multiple Exchange Server versions; see Microsoft Update Guide: Microsoft Exchange Server Security Feature Bypass Vulnerability, CVE-2021-31207 | Microsoft Update Guide: Microsoft Exchange Server Security Feature Bypass Vulnerability, CVE-2021-31207 | |
CVE-2021-3156 | Sudo | Sudo before 1.9.5p2 | Sudo Stable Release 1.9.5p2 | |
CVE-2021-27852 | Checkbox Survey | Checkbox Survey versions prior to 7 | ||
CVE-2021-27065 | Microsoft Exchange Server | Multiple versions; see: Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-27065 | Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-27065 | CISA Alert: Mitigate Microsoft Exchange Server Vulnerabilities ACSC Advisory Active exploitation of Vulnerable Microsoft Exchange servers CCCS Alert Active Exploitation of Microsoft Exchange Vulnerabilities - Update 4 |
CVE-2021-26858 | Microsoft | Exchange Server, multiple versions; see Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-26858 | Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-26858 | |
CVE-2021-26857 | Microsoft | Exchange Server, multiple versions; see Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-26857 | Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-26857 | |
CVE-2021-26855 | Microsoft | Exchange Server, multiple versions; see Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-26855 | Microsoft Security Update Guide: Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-26855 | |
CVE-2021-26084 | Jira Atlassian | Confluence Server and Data Center, versions 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5. | Jira Atlassian: Confluence Server Webwork OGNL injection - CVE-2021-26084 | ACSC Alert Remote code execution vulnerability present in certain versions of Atlassian Confluence CCCS Atlassian Security Advisory |
CVE-2021-22893 | Pulse Secure | PCS 9.0R3/9.1R1 and Higher | Pulse Secure SA44784 - 2021-04: Out-of-Cycle Advisory: Multiple Vulnerabilities Resolved in Pulse Connect Secure 9.1R11.4 | CCCS Alert Active Exploitation of Pulse Connect Secure Vulnerabilities - Update 1 |
CVE-2021-20016 | SonicWall | SMA 100 devices (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v) | SonicWall Security Advisory SNWLID-2021-0001 | |
CVE-2021-1675 | Microsoft | Multiple Windows products; see Microsoft Security Update Guide Windows Print Spooler Remote Code Execution Vulnerability, CVE-2021-1675 | Microsoft Security Update Guide: Windows Print Spooler Remote Code Execution Vulnerability, CVE-2021-1675 | CCCS Alert Windows Print Spooler Vulnerability Remains Unpatched – Update 3 |
CVE-2020-2509 | QNAP | QTS, multiple versions; see QNAP: Command Injection Vulnerability in QTS and QuTS hero QuTS hero h4.5.1.1491 build 20201119 and later | QNAP: Command Injection Vulnerability in QTS and QuTS hero | |
CVE-2020-1472 | Microsoft | Windows Server, multiple versions; see Microsoft Security Update Guide: Netlogon Elevation of Privilege Vulnerability, CVE-2020-1472 | Microsoft Security Update Guide: Netlogon Elevation of Privilege Vulnerability, CVE-2020-1472 | ACSC Alert Netlogon elevation of privilege vulnerability (CVE-2020-1472) Joint CSA APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations CCCS Alert Microsoft Netlogon Elevation of Privilege Vulnerability - CVE-2020-1472 - Update 1 |
CVE-2020-0688 | Microsoft | Exchange Server, multiple versions; see Microsoft Security Update Guide: Microsoft Exchange Validation Key Remote Code Execution Vulnerability, CVE-2020-0688 | Microsoft Security Update Guide: Microsoft Exchange Validation Key Remote Code Execution Vulnerability, CVE-2020-0688 | CISA Alert Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity Joint CSA Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology CCCS Alert Microsoft Exchange Validation Key Remote Code Execution Vulnerability |
CVE-2019-19781 | Citrix | ADC and Gateway version 13.0 all supported builds before 13.0.47.24 NetScaler ADC and NetScaler Gateway, version 12.1 all supported builds before 12.1.55.18; version 12.0 all supported builds before 12.0.63.13; version 11.1 all supported builds before 11.1.63.15; version 10.5 all supported builds before 10.5.70.12 SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO all supported software release builds before 10.2.6b and 11.0.3b | Citrix Security Bulletin CTX267027 | Joint CSA APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations CISA Alert Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity CCCS Alert Detecting Compromises relating to Citrix CVE-2019-19781 |
CVE-2019-18935 | Progress Telerik | UI for ASP.NET AJAX through 2019.3.1023 | Telerik UI for ASP.NET AJAX Allows JavaScriptSerializer Deserialization | ACSC Alert Active exploitation of vulnerability in Microsoft Internet Information Services |
CVE-2019-11510 | Pulse Secure | Pulse Connect Secure 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 | Pulse Secure: SA44101 - 2019-04: Out-of-Cycle Advisory: Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure 9.0RX | CISA Alert Continued Exploitation of Pulse Secure VPN Vulnerability CISA Alert Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity ACSC Advisory Recommendations to mitigate vulnerability in Pulse Connect Secure VPN Software Joint CSA APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations CCCS Alert APT Actors Target U.S. and Allied Networks - Update 1 |
CVE-2018-13379 | Fortinet | FortiProxy 2.0.2, 2.0.1, 2.0.0, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.1, 1.2.0, 1.1.6 | Fortinet FortiGuard Labs: FG-IR-20-233 | Joint CSA Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology Joint CSA Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities Joint CSA APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations ACSC Alert APT exploitation of Fortinet Vulnerabilities CCCS Alert Exploitation of Fortinet FortiOS vulnerabilities (CISA, FBI) - Update 1 |
CVE-2018-0171 | Cisco | See Cisco Security Advisory: cisco-sa-20180328-smi2 | Cisco Security Advisory: cisco-sa-20180328-smi2 | CCCS Action Required to Secure the Cisco IOS and IOS XE Smart Install Feature |
CVE-2017-11882 | Microsoft | Office, multiple versions; see Microsoft Security Update Guide: Microsoft Office Memory Corruption Vulnerability, CVE-2017-11882 | Microsoft Security Update Guide: Microsoft Office Memory Corruption Vulnerability, CVE-2017-11882 | CCCS Alert Microsoft Office Security Update |
CVE-2017-0199 | Microsoft | Multiple products; see Microsoft Security Update Guide: Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows, CVE-2017-0199 | Microsoft Security Update Guide: Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows, CVE-2017-0199 | CCCS Microsoft Security Updates |
**U.S. organizations:** Organizations can also report anomalous cyber activity and/or cyber incidents 24/7 to [email protected] or by calling 1-844-Say-CISA (1-844-729-2472) and/or to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or [email protected]. When available, please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment used for the activity; the name of the submitting company or organization; and a designated point of contact. For NSA client requirements or general cybersecurity inquiries, contact [email protected].

**Australian organizations:** visit cyber.gov.au or call 1300 292 371 (1300 CYBER 1) to report cybersecurity incidents and access alerts and advisories.

**Canadian organizations:** report incidents by emailing CCCS at [email protected].

**New Zealand organizations:** report cyber security incidents to [email protected] or call 04 498 7654.

**United Kingdom organizations:** report a significant cyber security incident: ncsc.gov.uk/report-an-incident (monitored 24 hours) or, for urgent assistance, call 03000 200 973.
April 27, 2022: Initial Version