Most of the most frequently exploited vulnerabilities in 2023 were zero-days in products from top security companies.
In the digital landscape of 2023, several common trends have emerged in the most frequently exploited vulnerabilities, posing a significant threat to network security.
1. Code/Command Injection and Execution: Many vulnerabilities, such as CVE-2023-3519 in Citrix products and CVE-2017-9841 in Cisco IOS XE, have allowed attackers to execute arbitrary code on targeted systems, leading to ransomware attacks.
2. Path Traversal and Authentication Bypass: Vulnerabilities like CVE-2021-42013 affecting Apache HTTP Server and CVE-2023-46747 affecting F5 BIG-IP have been prevalent, enabling unauthorized access to sensitive data.
3. Server-Side Request Forgery (SSRF): SSRF vulnerabilities, such as those found in MOVEit (CVE-2023-34362) and Fortinet FortiOS and FortiProxy SSL-VPN (CVE-2023-27997), continue to be exploited, potentially leading to unauthorized access and remote code execution.
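The three vulnerability classes listed above each have a well-known defensive counterpart in application code. The following Python module is an added example written for this page (it is not code from any of the vendors or advisories mentioned): one guard per class, namely decode-then-normalise path resolution against a base directory (the double-encoding case is the kind of bypass the Apache path traversal above involved), an outbound-URL allowlist that also refuses non-routable literal IPs, and a shell-free argument vector with a strict character allowlist. All paths, host names and allowlists are constructed sample values.

```python
import ipaddress
import os
import re
import subprocess
from urllib.parse import unquote, urlsplit

# Added defensive example, not from the original page. Every path, host and
# allowlist below is a constructed sample value.


def fully_decode(value: str, limit: int = 5) -> str:
    """Percent-decode until the string stops changing, so a double-encoded
    sequence such as '%%32%65' (-> '%2e' -> '.') is checked in its final form."""
    for _ in range(limit):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    return value


def safe_resolve_path(base_dir: str, requested: str):
    """Resolve a user-supplied file name under base_dir.

    Returns the absolute path, or None when the decoded and normalised result
    escapes base_dir (path traversal). Leading slashes and backslashes are
    stripped so an absolute request cannot replace the base."""
    base = os.path.realpath(base_dir)
    cleaned = fully_decode(requested).replace("\\", "/").lstrip("/")
    candidate = os.path.realpath(os.path.join(base, cleaned))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def is_safe_outbound_url(url: str, allowed_hosts) -> bool:
    """SSRF guard: only http(s), only hosts on an explicit allowlist, and a
    literal IP must be globally routable, so a loopback, link-local or private
    address that was allowlisted by mistake is still refused.

    Note: for DNS names the client must resolve once and connect to that
    address (resolve-and-pin); that part is left to the HTTP client."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    host = parts.hostname.lower()          # userinfo tricks like a@b end up as host 'b'
    if host not in allowed_hosts:
        return False
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:
        return True                        # an allowlisted DNS name


_SAFE_ARG = re.compile(r"[A-Za-z0-9._-]{1,64}")


def build_argv(tool: str, user_value: str):
    """Command-injection guard: the user value becomes exactly one argv element,
    no shell is involved, the character set is a strict allowlist (fullmatch, so
    a trailing newline cannot slip past), and a leading '-' is refused so the
    value cannot turn into an option for the tool."""
    if not _SAFE_ARG.fullmatch(user_value) or user_value.startswith("-"):
        raise ValueError("rejected argument: %r" % (user_value,))
    return [tool, user_value]


def run_tool(tool: str, user_value: str) -> subprocess.CompletedProcess:
    """Run the tool with the validated argv; shell=False is the default but is
    spelled out because it is the point of the guard."""
    return subprocess.run(build_argv(tool, user_value), capture_output=True,
                          text=True, check=False, shell=False)


if __name__ == "__main__":
    base = "/srv/www/static"                       # constructed sample base directory
    for req in ("css/site.css", "../../etc/passwd", "%%32%65%%32%65/etc/passwd"):
        print(f"{req!r:40} -> {safe_resolve_path(base, req)}")
    allow = {"api.example.com", "169.254.169.254"}    # constructed allowlist with one mistake
    for u in ("https://api.example.com/v1", "http://169.254.169.254/latest",
              "http://api.example.com@evil.example/", "file:///etc/passwd"):
        print(f"{u!r:45} -> {is_safe_outbound_url(u, allow)}")
    for arg in ("host1.example", "host1; id", "--version"):
        try:
            print(build_argv("ping", arg))
        except ValueError as exc:
            print(exc)
```

The path check deliberately compares `commonpath` results rather than using a string prefix test, because a prefix test would accept `/srv/www/static-old/...` as lying under `/srv/www/static`.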
Notable vulnerabilities affecting Citrix, Cisco, and Fortinet include:
### Cisco
- CVE-2022-41082 and CVE-2019-1653: These code injection and sensitive information disclosure vulnerabilities have been exploited in the past.
- CVE-2017-9841 and CVE-2023-20198: Although not specifically linked to new trends, these code injection vulnerabilities have been used extensively.

### Fortinet
- A zero-day vulnerability in Fortinet's FortiOS and FortiProxy products was disclosed after threats were identified by Arctic Wolf.

### Citrix
No specific Citrix vulnerabilities were mentioned in the search results for 2023 trends. However, six of the 16 Citrix vulnerabilities in CISA's Known Exploited Vulnerabilities catalog are known to be used in ransomware campaigns.
The Cybersecurity and Infrastructure Security Agency (CISA) is taking steps to address this issue by encouraging technology companies to eliminate entire classes of defects, coding errors, and vulnerabilities from their products. Over 250 companies, including Cisco and Fortinet, have signed CISA's voluntary pledge since May.
The exploitation of these vulnerabilities can inflict far-reaching and sustained damage on thousands of organizations. For instance, the Clop ransomware group, responsible for the MOVEit attacks, ultimately stole highly sensitive data from more than 2,700 organizations and 93 million personal records.
Zero-days comprised the majority of the most routinely exploited vulnerabilities in 2023, an increase from 2022. Last year, two pairs of CVEs, in Citrix and Cisco products respectively, were the four most-exploited vulnerabilities of the year.
Organizations are urged to prioritise timely remediation of these vulnerabilities to protect against active threats.
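"Prioritise timely remediation" is easier to act on when scanner findings are ranked against CISA's Known Exploited Vulnerabilities catalog, which the Citrix paragraph above refers to and which flags entries used in ransomware campaigns. The script below is an added example for this page, not a CISA tool: the record field names (`cveID`, `vendorProject`, `product`, `dueDate`, `knownRansomwareCampaignUse`) follow the KEV JSON feed, but the catalog entries, due dates, asset names and findings are constructed sample data, and `CVE-XXXX-PLACEHOLDER` is a deliberate placeholder for a finding that is not in the catalog. It assigns a tier per finding (P1 for known ransomware use or an internet-facing asset past its due date, P2 for internet-facing or overdue, P3 otherwise) and orders the work queue by tier and due date.

```python
from datetime import date
from typing import Dict, List, Optional

# Added example, not from the original page. Field names mirror the CISA KEV
# JSON feed; the records themselves (products, dates, ransomware flags) are
# constructed sample data for illustration only.
SAMPLE_KEV: List[Dict[str, str]] = [
    {"cveID": "CVE-2023-3519", "vendorProject": "Citrix", "product": "NetScaler ADC and Gateway",
     "dueDate": "2023-08-09", "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-2023-34362", "vendorProject": "Progress", "product": "MOVEit Transfer",
     "dueDate": "2023-06-23", "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-2023-46747", "vendorProject": "F5", "product": "BIG-IP",
     "dueDate": "2023-11-21", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2023-27997", "vendorProject": "Fortinet", "product": "FortiOS and FortiProxy",
     "dueDate": "2023-11-21", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2021-42013", "vendorProject": "Apache", "product": "HTTP Server",
     "dueDate": "2021-12-15", "knownRansomwareCampaignUse": "Unknown"},
]

# Constructed scanner output: one record per asset with the CVEs reported on it.
SAMPLE_FINDINGS: List[Dict] = [
    {"asset": "vpn-gw-01", "internet_facing": True, "cves": ["CVE-2023-27997"]},
    {"asset": "file-xfer-01", "internet_facing": False, "cves": ["CVE-2023-34362"]},
    {"asset": "lb-internal-02", "internet_facing": False, "cves": ["CVE-2023-46747"]},
    {"asset": "web-01", "internet_facing": False, "cves": ["CVE-2021-42013"]},
    {"asset": "dev-box-07", "internet_facing": False, "cves": ["CVE-XXXX-PLACEHOLDER"]},
]


def index_kev(entries: List[Dict[str, str]]) -> Dict[str, Dict[str, str]]:
    """Index catalog records by CVE id for O(1) lookup per finding."""
    return {e["cveID"]: e for e in entries}


def tier_for(entry: Optional[Dict[str, str]], internet_facing: bool, today: date) -> str:
    """P1: known ransomware use, or internet-facing and already past the due date.
    P2: internet-facing, or past due. P3: everything else, including CVEs absent
    from the catalog (still worth fixing, but not on this evidence)."""
    if entry is None:
        return "P3"
    overdue = date.fromisoformat(entry["dueDate"]) < today
    if entry["knownRansomwareCampaignUse"] == "Known" or (internet_facing and overdue):
        return "P1"
    if internet_facing or overdue:
        return "P2"
    return "P3"


def prioritize(findings: List[Dict], kev: List[Dict[str, str]], today: date) -> List[Dict]:
    """Expand findings to (asset, CVE) rows, tag each with a tier and days overdue,
    and return them ordered by tier, then earliest due date, then asset name."""
    by_id = index_kev(kev)
    rows = []
    for f in findings:
        for cve in f["cves"]:
            entry = by_id.get(cve)
            due = date.fromisoformat(entry["dueDate"]) if entry else None
            rows.append({
                "asset": f["asset"],
                "cve": cve,
                "in_kev": entry is not None,
                "product": f"{entry['vendorProject']} {entry['product']}" if entry else None,
                "tier": tier_for(entry, f["internet_facing"], today),
                "due": due,
                "days_overdue": max(0, (today - due).days) if due else 0,
            })
    rows.sort(key=lambda r: (r["tier"], r["due"] or date.max, r["asset"]))
    return rows


if __name__ == "__main__":
    for r in prioritize(SAMPLE_FINDINGS, SAMPLE_KEV, date(2023, 12, 1)):
        print(f"{r['tier']} {r['asset']:15} {r['cve']:22} "
              f"{'KEV' if r['in_kev'] else '---'} overdue={r['days_overdue']:>4}d")
```

The `today` argument is passed explicitly rather than read from the clock so that a run is reproducible and a ticketing job can be replayed for an audit date. Swapping `SAMPLE_KEV` for the real feed is a matter of loading its `vulnerabilities` array, since the field names are the same.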
- To protect their networks from ransomware, organizations should be aware of vulnerabilities such as CVE-2023-3519 in Citrix products and CVE-2017-9841 in Cisco IOS XE, which allow attackers to inject and execute malicious code.
- To limit the exposure of sensitive data, organizations should guard against vulnerabilities such as CVE-2021-42013 in Apache HTTP Server and CVE-2023-46747 in F5 BIG-IP, which enable unauthorized access.
- A robust firewall can help prevent the exploitation of Server-Side Request Forgery (SSRF) vulnerabilities, such as those found in MOVEit (CVE-2023-34362) and Fortinet FortiOS and FortiProxy SSL-VPN (CVE-2023-27997), which could result in unauthorized access and remote code execution.
- To combat these vulnerabilities, the Cybersecurity and Infrastructure Security Agency (CISA) is urging technology companies, including Cisco and Fortinet, to eliminate coding errors and vulnerabilities from their products. Such flaws can inflict significant damage, as seen with the Clop ransomware group, which stole sensitive data from over 2,700 organizations.