The 15 Most Exploited Vulnerabilities of 2021


The CISA annual report of the most exploited vulnerabilities of the past year is a cautionary tale for software developers and systems administrators. While attackers often use previously discovered vulnerabilities to gain an advantage over their victims, the recent spate of new zero-day exploits has proven that old flaws are still a viable attack vector. In many cases, the exploit code is already public, which makes such flaws easy to exploit.

The Cybersecurity & Infrastructure Security Agency (CISA) and other cybersecurity authorities have recently published an advisory that identifies the 15 most exploited vulnerabilities of 2021. The advisory is based on continuous monitoring of security vulnerabilities. Check Point has identified vulnerabilities that saw many exploitation attempts in the last year, including Spring4Shell and Log4j. The security firm's assessment is based on real-time threat intelligence from ThreatCloud.

Other routinely exploited vulnerabilities of 2021 include "Log4Shell", a vulnerability in Apache Log4j, the open-source logging framework. When exploited, the vulnerability enables an attacker to execute arbitrary code on a vulnerable system. This vulnerability was only disclosed in December 2021, but is already the most common vulnerability of the decade. The government recently released a joint cybersecurity advisory urging organizations to patch their software and mitigate the risks associated with such flaws.

The 15 Most Exploited Vulnerabilities of 2021

The first widely exploited vulnerability of 2021 is the 'Log4j' bug. Known as CVE-2021-44228, this vulnerability in the Apache Log4j library allows remote code execution and is among the most dangerous. It has a wide attack surface and is heavily exploited because the library is so widespread. The library is so common that many organizations were surprised to discover they depended on it, and had done nothing to protect themselves from it.
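Finding that dependency is the first defensive step. The script below is an added example (not from the advisory or from Check Point) that inventories an application archive for bundled copies of log4j-core, including jars nested inside wars and ears: it reads each manifest's Implementation-Version, treats anything below 2.15.0 (the first release that closed CVE-2021-44228) as vulnerable, and recognises the documented interim mitigation of deleting JndiLookup.class. The archive it scans is constructed in code, with empty placeholder classes, so it runs offline.

```python
import io, re, zipfile

# JndiLookup.class is the class that performs JNDI lookups; removing it from
# log4j-core was the documented interim mitigation when upgrading was not possible.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
FIXED = (2, 15, 0)  # first log4j-core release that closed CVE-2021-44228

def _version(zf):
    """Parse Implementation-Version from the archive's manifest, or None."""
    try:
        mf = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except KeyError:
        return None
    m = re.search(r"^Implementation-Version:\s*(\d+(?:\.\d+)+)", mf, re.M)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def scan_archive(data, name="archive"):
    """Return [(path, verdict, version)] per log4j-core copy, recursing into nested jars/wars/ears."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()  # list, so findings keep archive order
        if any(n.startswith("org/apache/logging/log4j/core/") for n in names):
            ver = _version(zf)
            verdict = ("MITIGATED" if JNDI_CLASS not in names   # class stripped out
                       else "REVIEW" if ver is None             # bundled, version unknown
                       else "PATCHED" if ver >= FIXED else "VULNERABLE")
            findings.append((name, verdict, ver))
        for n in names:  # shaded and bundled copies hide inside wars and fat jars
            if n.lower().endswith((".jar", ".war", ".ear")):
                findings.extend(scan_archive(zf.read(n), f"{name}!{n}"))
    return findings

def _fake_jar(version, keep_jndi=True):
    """Constructed stand-in for log4j-core-<version>.jar with empty placeholder classes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", f"Implementation-Version: {version}\n")
        zf.writestr("org/apache/logging/log4j/core/Logger.class", b"")
        if keep_jndi: zf.writestr(JNDI_CLASS, b"")
    return buf.getvalue()

def demo():
    """Constructed app.war bundling three log4j-core variants under WEB-INF/lib."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as war:
        war.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", _fake_jar("2.14.1"))
        war.writestr("WEB-INF/lib/log4j-core-2.17.1.jar", _fake_jar("2.17.1"))
        war.writestr("WEB-INF/lib/log4j-core-2.14.1-nojndi.jar", _fake_jar("2.14.1", False))
    return scan_archive(buf.getvalue(), "app.war")
```

Point `scan_archive` at the bytes of a real deployment artifact to get the same (path, verdict, version) triples; a fat jar with shaded log4j classes but no log4j manifest comes back as REVIEW rather than silently passing.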

The first three vulnerabilities that made the top 15 are those in Microsoft Exchange. The first three were found in August last year, and the other two were found in March 2021. These vulnerabilities affect users of Microsoft Exchange 2013, 2016, and 2019, which are commonly exposed to the internet. Malicious actors have released proof-of-concept exploits to target these vulnerable systems before vendors patch them. The second one affects unpatched email servers.

The third vulnerability on the list is the 'Zerologon' bug. This vulnerability allows an attacker to execute arbitrary code and steal mailbox content. Researchers have identified other ways to exploit Zerologon, including using the vulnerability to gain a shell account. It is possible for an attacker to gain remote access to any device that shares the network. A computer can be compromised through Zerologon if the password is weak and is known to an attacker.

Another vulnerability in the 2021 top 15 is CVE-2021-26084. It is a critical-severity flaw that can allow an attacker to execute arbitrary code on a vulnerable system. It affects Confluence, a wiki-style service widely used in enterprise environments. It was reported in August 2021, but many organizations did not take action. In September, USCYBERCOM warned that mass exploitation was imminent.
