The 2023 report highlights that zero-day vulnerabilities (previously undisclosed vulnerabilities) have been increasingly exploited, with a sharp rise in attacks targeting these flaws compared to 2022. Malicious actors took advantage of these zero-days to compromise enterprise networks, gaining unauthorised access to sensitive information. The report underscores that wireless cyber security penetration auditors play a critical role in identifying and mitigating such vulnerabilities, especially within the two years following the initial public disclosure.
The agencies behind the report emphasise that vendors, developers, and end users must prioritise timely patching and adopt a secure-by-design approach to reduce these risks. Here’s a closer look at some of the most frequently exploited vulnerabilities in 2023.
Top Routinely Exploited Vulnerabilities of 2023
CVE-2023-3519: Citrix NetScaler ADC and Gateway
A code injection vulnerability, CVE-2023-3519, allows unauthenticated attackers to execute malicious code on affected Citrix devices. This vulnerability is particularly dangerous as it can enable attackers to control a compromised network, often leading to data breaches or system disruptions.
CVE-2023-20198 and CVE-2023-20273—Cisco IOS XE
This series of vulnerabilities affecting Cisco’s IOS XE Web UI allows unauthorised access and privilege escalation, allowing attackers to create new users with elevated access. These vulnerabilities can compromise critical network infrastructure, particularly affecting organisations that rely on Cisco systems.
CVE-2023-27997: Fortinet FortiOS and FortiProxy SSL-VPN
This vulnerability allows attackers to execute arbitrary commands on the affected systems. As SSL VPNs are commonly used to secure remote connections, an exploit of this vulnerability could lead to significant network and data security breaches.
CVE-2021-44228: Apache Log4Shell (Log4j)
Despite being discovered in 2021, Log4Shell continues to be one of the most exploited vulnerabilities. This vulnerability in the Log4j logging library enables remote code execution, allowing attackers to hijack systems and deploy ransomware or steal data.
CVE-2023-2868: Barracuda Networks ESG Appliance
This command injection vulnerability within Barracuda’s Email Security Gateway appliances allows unauthorised access, enabling attackers to execute system commands and potentially gain control over email servers. Exploits of this vulnerability often lead to unauthorised data access and increased phishing risks.
CVE-2022-47966 – Zoho ManageEngine
This vulnerability allows unauthenticated users to remotely execute code on multiple products within the Zoho ManageEngine suite. Organisations relying on these products are at heightened risk of system takeovers.
CVE-2023-27350 – PaperCut MF/NG
This vulnerability combines authentication bypass with built-in scripting abuse, allowing attackers to execute code on PaperCut servers. Given the widespread use of PaperCut in educational and corporate environments, exploiting this vulnerability can disrupt printing services and expose sensitive data.
CVE-2020-1472: Microsoft Netlogon
Known for its impact on Active Directory services, this privilege escalation vulnerability has been a primary target since 2020. It enables attackers to exploit Netlogon to gain unauthorised access to domain controllers, making it particularly harmful to enterprise environments.
Read our latest post to find out the Mitigating Insider Threats: How Organisations Can Detect, Prevent, and Respond
CVE-2023-23397: Microsoft Office Outlook
This vulnerability allows privilege escalation by sending a specially crafted email to Outlook clients, triggering without user interaction. Exploiting this flaw can give attackers unauthorised access to user accounts, potentially exposing sensitive emails and other data.
CVE-2023-49103—ownCloud graphapi
This vulnerability permits unauthorised information disclosure, allowing attackers to access sensitive credentials and configuration details. While not as damaging as other vulnerabilities, it still presents significant risks for organisations using ownCloud for collaboration.
How Organisations Can Mitigate These Vulnerabilities
Mitigating the risk posed by these vulnerabilities requires proactive security practices. The authoritarian agencies recommend several mitigation strategies to protect against these common exploits:
Patch Management and Timely Updates
Applying patches promptly is the most effective way to mitigate these vulnerabilities. Organisations should implement a centralised patch management system, prioritise high-risk vulnerabilities, and ensure systems are updated regularly. Regular penetration testing is also necessary to detect the vulnerabilities before the attackers discover them.
Security-First Product Development
Vendors and developers should adopt a secure-by-design approach, integrating security checks throughout the software development lifecycle. Using memory-safe programming languages, rigorous code review practices, and automated testing tools like SAST/DAST can reduce vulnerabilities in software products.
Endpoint Detection and Response (EDR)
Deploying sophisticated EDR solutions helps detect abnormal activity related to zero-day exploits. EDR tools enhance network monitoring and enable swift response to suspicious activities, which can limit the damage from an exploited vulnerability.
Secure Authentication and Access Controls
Implementing multi-factor authentication (MFA) on critical systems, enforcing the principle of least privilege, and conducting regular audits of access controls can significantly reduce unauthorised access risks. Limiting access and using strong authentication protocols make it more challenging for attackers to escalate privileges.
Enhanced Supply Chain Security
Organisations should demand secure practices from their third-party vendors and incorporate a Software Bill of Materials (SBOM) for monitoring dependencies. By minimising untrusted third-party software, companies can reduce risks from supply chain attacks.
Zero Trust Architecture
Moving toward a Zero Trust model, where systems are segmented and access is tightly controlled, can limit an attacker’s ability to move laterally within a network. Adopting Zero Trust principles like micro-segmentation and continuous monitoring further enhances security posture.
Also read our latest post on the Elastic Unveils 2024 Global Threat Report: AI, Malware, and Cloud Security
Conclusion
The “2023 Top Routinely Exploited Vulnerabilities” report serves as a critical reminder for organisations to stay vigilant and proactive in their cybersecurity efforts. Understanding these vulnerabilities and adopting recommended mitigation strategies can greatly reduce the risk of exploitation. By prioritising patch management, secure development, and robust access controls, organisations can better protect themselves from the evolving threats in today’s digital landscape.
For organisations looking to strengthen their cybersecurity, it’s essential to address these top vulnerabilities and continuously evaluate their security practices. With the right measures, businesses can safeguard their operations and protect sensitive information against the ever-growing cyber threats.
Stay secure against evolving threats with the expertise of Cybernetic Global Intelligence’s Cyber security services. Visit www.cyberneticgi.com to explore our offerings, call 1300 292 376 to book a consultation, or email us at contact@cybernetic-gi.com for any enquiries.