The 10 most-exploited vulnerabilities of 2021: Not patched? Likely pwned...

Attackers continue to accelerate their weaponisation of newly-discovered flaws, the Five Eyes list of most-exploited vulnerabilities of 2021 shows. Contrary to some reports suggesting fears of mass-exploitation had been over-indexed, the flaw in Log4j joined the most widely-exploited vulnerabilities last year, despite only being discovered at the year's end. In total, 11 of the top-15 most exploited vulnerabilities of 2021 were discovered in 2021 – in contrast to previous years when older vulnerabilities dominated the list.

The most-exploited vulnerabilities of 2021

| Vendor | CVE | Type | Severity | Exploit info |
|---|---|---|---|---|
| Apache Log4j | CVE-2021-44228 | RCE | CVSS: 10 | Exploit |
| Zoho ManageEngine | CVE-2021-40539 | RCE | CVSS: 9.8 | Exploit |
| Microsoft | CVE-2021-34523; CVE-2021-34473; CVE-2021-31207 | EOP; RCE; Security feature bypass | CVSS: 9.8; 9.8; 7.2 | Exploit |
| Microsoft | CVE-2021-27065; CVE-2021-26858; CVE-2021-26857; CVE-2021-26855 | RCE | CVSS: 7.8; 7.8; 7.8; 9.8 | Exploit (+4 others) |
| Atlassian | CVE-2021-26084 | Arbitrary code execution | CVSS: 9.8 | Exploit |
| VMware | CVE-2021-21972 | RCE | CVSS: 9.8 | Exploit |
| Microsoft | CVE-2020-1472 | EOP | CVSS: 10 | Exploit |
| Microsoft | CVE-2020-0688 | RCE | CVSS: 8.8 | Exploit |
| Pulse Secure | CVE-2019-11510 | Arbitrary file reading | CVSS: 10 | Exploit |
| Fortinet | CVE-2018-13379 | Path traversal | CVSS: 9.8 | Exploit |

“In 2021, malicious cyber actors aggressively targeted newly disclosed critical software vulnerabilities against broad target sets, including public and private sector organizations worldwide,” said the vulnerability report from US, UK, Canadian, Australian and New Zealand cyber-security bodies – known as the Five Eyes.

“For most of the top exploited vulnerabilities, researchers or other actors released proof of concept (POC) code within two weeks of the vulnerability’s disclosure, likely facilitating exploitation by a broader range of malicious actors,” the report added. (We're sharing some above for Red Team reference.)


Microsoft was the single most-represented vendor on the list: the Microsoft Exchange Server vulnerability chains ProxyShell and ProxyLogon, together with ZeroLogon (all rampantly exploited at scale by Chinese APTs and other actors), made the top-10 most-exploited vulnerabilities of 2021.

But the second-most exploited vulnerability was in the widely-used but less widely-discussed Zoho ManageEngine. The flaw, allowing authentication bypass and remote code execution, had been known, and a patch available, since September, yet it remained prevalent enough that at least two separate groups made wide use of it until late in 2021. The last four most-exploited vulnerabilities of 2021 were discovered in previous years, but the oldest dates only from 2018, in contrast to bugs almost a decade old found on 2019's vulnerability list.

More 'routinely exploited' vulnerabilities to patch

The cyber-security agencies also listed plenty of other vulnerabilities which are "routinely exploited" and which organisations should patch as soon as possible:

The 12 most exploited vulnerabilities in 2020 meanwhile were...

| Vendor | CVE | Type | Severity | Exploit info |
|---|---|---|---|---|
| Citrix | CVE-2019-19781 | Arbitrary code execution | CVSS: 9.8 | Exploit |
| Pulse Secure | CVE-2019-11510 | Arbitrary file reading | CVSS: 10 | Exploit |
| Fortinet | CVE-2018-13379 | Path traversal | CVSS: 9.8 | Exploit |
| F5 BIG-IP | CVE-2020-5902 | RCE | CVSS: 9.8 | Exploit |
| MobileIron | CVE-2020-15505 | RCE | CVSS: 9.8 | Exploit |
| Microsoft | CVE-2017-11882 | RCE | CVSS: 9.3 | Exploit |
| Atlassian | CVE-2019-11580 | RCE | CVSS: 9.4 | Exploit |
| Drupal | CVE-2018-7600 | RCE | CVSS: 9.8 | Exploit |
| Telerik | CVE-2019-18935 | RCE | CVSS: 9.8 | Exploit |
| Microsoft | CVE-2019-0604 | RCE | CVSS: 9.8 | Exploit |
| Microsoft | CVE-2020-0787 | Elevation of privilege | CVSS: 7.8 | Exploit |
| Netlogon | CVE-2020-1472 | Elevation of privilege | CVSS: 10 | Exploit |
