Several international cyber security authorities including the UK’s National Cyber Security Centre have recently collaborated to publish a list of the top 15 most frequently exploited vulnerabilities from last year.
It should be noted that many of these exploits continue to be successfully used by cybercriminals and nation-state threat actors in 2024.
The top 15 vulnerabilities along with the services targeted may be summarised as follows:
- CVE-2023-3519: Citrix NetScaler ADC and NetScaler Gateway
This vulnerability allows attackers to inject malicious code into NetScaler ADC and Gateway. The flaw occurs due to improper validation of input data. Successful exploitation could allow attackers to execute arbitrary code on affected systems, leading to potential system compromise.
- CVE-2023-4966: Citrix NetScaler ADC and NetScaler Gateway
A buffer overflow vulnerability in Citrix’s NetScaler ADC and Gateway products allows attackers to overflow a buffer in memory, potentially enabling arbitrary code execution or crashing the system.
- CVE-2023-20198: Cisco IOS XE Web UI
An issue in Cisco’s IOS XE Web UI allows unauthorised users to escalate their privileges and gain higher levels of access within the system. Exploiting this vulnerability could lead to a complete compromise of the affected system.
- CVE-2023-20273: Cisco IOS XE
A command injection vulnerability allows attackers to inject malicious operating system commands, leading to system manipulation or compromise.
- CVE-2023-27997: Fortinet FortiOS and FortiProxy SSL-VPN
A heap-based buffer overflow in FortiOS and FortiProxy SSL-VPN products can lead to arbitrary code execution when attackers send malicious data.
- CVE-2023-34362: Progress MOVEit Transfer
An SQL injection vulnerability in Progress MOVEit Transfer allows attackers to execute arbitrary SQL queries. This could lead to unauthorised data access or manipulation.
- CVE-2023-22515: Atlassian Confluence Data Center and Server
A broken access control vulnerability in affected versions of Confluence Data Center and Server can allow unauthorised users to access restricted information.
- CVE-2021-44228: Log4Shell – Apache Log4j2
One of the most infamous vulnerabilities of 2021, Log4Shell allows remote code execution by exploiting how Log4j2 processes certain log messages. This flaw enables attackers to execute arbitrary code and potentially take control of affected systems.
- CVE-2023-2868: Barracuda Networks ESG Appliance
This vulnerability in Barracuda ESG Appliances can allow attackers to inject malicious commands, compromising system integrity and confidentiality.
- CVE-2022-47966: Zoho ManageEngine Multiple Products
A remote code execution vulnerability in Zoho ManageEngine products allows attackers to execute arbitrary code through specially crafted input.
- CVE-2023-27350: PaperCut MF/NG
This vulnerability in PaperCut MF/NG allows unauthorised users to gain administrative privileges, potentially affecting printing and access control systems.
- CVE-2020-1472: Microsoft Netlogon
This privilege escalation flaw in Microsoft’s Netlogon can allow attackers to elevate their privileges on a network. This has been widely exploited in ransomware attacks.
- CVE-2023-42793: JetBrains TeamCity
A vulnerability in JetBrains TeamCity allows attackers to bypass authentication and gain unauthorised access to TeamCity instances.
- CVE-2023-23397: Microsoft Office Outlook
Exploited through crafted Outlook emails, this vulnerability allows attackers to execute malicious code with elevated privileges.
- CVE-2023-49103: ownCloud graphapi
An information disclosure vulnerability in ownCloud’s graphapi component exposes sensitive data to unauthorised users.
Further information on the above exploits is available here.
Griffiths & Armour recommends that organisations review their cyber risk management controls in light of these new findings. To support our clients, we can conduct cyber insurance assessments that help reduce cyber risk, improve understanding of cyber risk exposure and inform the insurance risk transfer strategy. Further cyber risk and cyber incident response guidance, supplemented by template policies, plan documentation and e-learning, is available via RMworks, which is available to all Griffiths & Armour clients.
For further information and support, please get in touch.