5 Most COMMONLY exploited vulnerabilities today – Part 1

by | Feb 15, 2023

Cybersecurity is like a never-ending game of whack-a-mole – as soon as you fix one vulnerability, another one pops up. But it’s not just about fixing problems; it’s about preventing them from happening in the first place. It’s time to get ahead of the game and equip ourselves with the right set of tools, controls, and processes to prevent these attacks before they happen. Join us as we delve into the five most commonly exploited vulnerabilities of 2023 and learn how to safeguard your business against these persistent threats. 

Here is a list of top exploited vulnerabilities as spotted by Veriti’s research team (CVE numbers are detailed below). The below attacks could have been patched if the proper vulnerability protection was turned on/ patching process had been implemented. 

top exploited vulnerabilities

As spotted by Veriti’s research team

0%

CODE EXECUTION

0%

COMMAND INJECTION

0%

DIRECTORY TRAVERSAL

0%

INFORMATION DISCLOSURE

0%

AUTHENTICATION BYPASS

REMOTE CODE EXECUTION 

Starting from the top, the first one is remote code execution (RCE), the reigning champion of vulnerabilities. With its widespread impact, RCE links to two of the most notable applications that act as fertile ground for exploited vulnerabilities in recent times: Apache Struts and Microsoft Exchange.  

Remote code execution is a vulnerability that allows attackers to execute arbitrary code on a targeted system, typically over a network connection. This vulnerability can occur when an application fails to properly validate user input, allowing attackers to inject malicious code into the application and have it executed on the target system.

Apache Struts 

Apache Struts-related CVEs (Common Vulnerabilities and Exposures) are a crucial concern for organizations. One of the most well-known CVEs is CVE-2017-5638., which was responsible for the high-profile Equifax data breach. In this breach, the personal information of 143 million Americans was put at risk, highlighting the consequences of unpatched vulnerabilities. 

Apache Struts is a free, open-source, MVC framework for creating elegant, modern Java web applications. It favors convention over configuration, is extensible using a plugin architecture, and ships with plugins to support REST, AJAX and JSON.

The vulnerability in Apache Struts, an open-source web application framework for developing Java EE web applications, arose from incorrect exception handling and error message generation during file upload attempts. This flaw allowed remote attackers to execute arbitrary commands on the targeted system by sending a specially crafted Content-Type or Content-Disposition.  

It is still armed and dangerous, and for some reason, organizations still choose not to protect themselves from this attack. 

still armed and dangerous

Adding to the threat posed by CVE-2017-5638, there is another dangerous family member: CVE-2018-11776,. This vulnerability is considered even more critical than its cousin, as it operates at a deeper level within the code and is more difficult for researchers to identify. 

As shown in the chart below, in the last months, organizations have faced increased exploitation of both vulnerabilities. These vulnerabilities have garnered renewed attention and pose a significant threat to the security of impacted organizations. This serves as a reminder of the ongoing importance of staying vigilant and proactive in the face of evolving security threats. 

Organizations attacked by CVEs

The following charts provide a visual representation of the geographical distribution of the targeted organizations, the industries they belong to, along with a timeline that details the identified vulnerabilities and volume of attack incidents.

Top Countries

United States
Israel
India
France

Top Industries

ISP/MSP
Manufacturing
Education

Other popular RCE CVEs

Other popular RCE CVEs (as spotted by Veriti’s researchers) that, for some reason, are continuously being exploited by cyber attackers without any response are:  

Vulnerability  Description 
CVE-2017-12611 Apache Struts2 Freemarker Remote Code Execution   
CVE-2016-4438 Apache Struts REST plugin Remote Code Execution
CVE-2017-12617 Apache Tomcat HTTP PUT Remote Code Execution  
CVE-2017-12615 Apache Tomcat PUT Method Arbitrary File Upload Remote Code Execution  
CVE-2016-3081 Apache Struts Dynamic Method Remote Code Execution  
CVE-2017-9805 Apache Struts REST Plugin XStream Deserialization Remote Code Execution  

Microsoft Exchange 

We all learned to love or at least appreciate Microsoft Exchange. After all, it is the unsung hero of corporate communications.  

Microsoft Exchange is a server software developed by Microsoft Corporation for managing email, scheduling, and other communications in a corporate environment. It provides a secure and reliable platform for businesses to manage their communications and collaborate effectively with employees, customers, and partners

But when it comes to CVE-2021-26855, the hero mistakenly compromises the organization, allowing attackers to steal sensitive data and gain long-term access to victim environments. This attack is a server-side request forgery (SSRF) vulnerability in Exchange, allowing attackers to send arbitrary HTTP requests and authenticate as the Exchange server.  Microsoft Threat Intelligence Center (MSTIC) has identified the source of the recent Microsoft Exchange attacks as HAFNIUM, a state-sponsored hacking group operating out of China. This conclusion was reached with high confidence based on the analysis of the techniques, tactics, and procedures used in the campaign. 

The SSRF vulnerability

Another Microsoft Exchange vulnerability that attackers exploit even in greater numbers (as seen on the table below) is CVE-2021-34473. This SSRF vulnerability is a sneaky one, allowing attackers to manipulate a vulnerable server into doing their bidding. That’s right, no authentication is needed – the attacker tricks the server into thinking it’s making requests on behalf of a trusted source. This happens because of a path confusion issue, where the server gets mixed up on which request it should be making. 

Organizations attacked by CVEs

Taking the proactive approach

As cyber threats become more sophisticated, organizations can no longer afford to take a reactive approach to security. Known vulnerabilities with CVSS scores of 9 and above, if left unaddressed, can result in disastrous consequences such as data breaches and significant downtime. However, many organizations are hesitant to switch to block mode to prevent these vulnerabilities from being exploited, fearing that doing so may cause unintended downtime and negatively impact business operations. To address this challenge, organizations should continuously and automatically assess their security configurations and correlate them with security logs to ensure that they are properly secured while minimizing the risk of downtime. By prioritizing proactive security measures, organizations can better protect themselves from potential threats and maintain business uptime without sacrificing security. 

Get your security controls assessment now


Recommended Articles

Subscribe to our BLOG

Get the latest security insights, news and articles delivered to your inbox.

Product

Product Overview

Maximize security posture while ensuring business uptime

Odin

AI-Powered Contextual Cybersearch

Automated Security Controls Assessment

Validate your security control

Integrations

Connect Veriti with your security solutions

Use Cases

Agentless OS-Level Remediation

Proactively safeguard your systems directly at the OS-Level on the endpoint

Vulnerability Remediation

Safely remediate vulnerabilities in one click

Business Continuity

Reduce alert fatigue. Increase Security Effectiveness

MISCONFIGURATION MANAGEMENT

Proactively neutralize misconfigurations to minimize exposure risks

Mobilizing Threat Remediation

Identify and mobilize threat remediation across the security stack automatically.

GENERATIVE AI SECURITY

Chat with your environment to cut MTTR times drastically

Solutions

Safe Remediation

Ensure remediation actions do not give rise to additional exposures

MITRE ATT&CK®

Quickly respond to live threats with safe and precise remediation

VERITI FOR Enterprises

Increase business outcomes

VERITI FOR MSSPs

Efficiently manage multiple clients in a consolidated platform

VERITI FOR HEALTHCARE

Neutralize security gaps without impacting healthcare operations

VERITI FOR MANUFACTURING

Protect the heart of your production processes

SEC AND THE BUSINESS

A security pro’s guide to exposure assessments and remediation

 

Read Whitepaper >>

Resources

See all resources

Blog

Veriti's security blog

Downloads

The latest guides, white papers and infographics

Events

Live event and on-demand webinars

Glossary

Our Comprehensive Definitions Guide

MASTERING MODERN OS-LEVEL SECURITY: THE AGENTLESS APPROACH

WATCH NOW>>

Our Story

Learn about Veriti

Careers

Work with us

Newsroom

Our latest updates

Contact US

Get in touch

CHANNEL PARTNERS

Become a partner

MSSPs

Reduce operational costs