A cybersecurity advisory issued by members of the ‘Five Eyes’ intelligence alliance lists the most-exploited vulnerabilities of 2021.
The Five Eyes consists of the US, UK, Canada, Australia, and New Zealand. Over recent weeks, cybersecurity authorities from the normally secretive alliance have issued a number of joint statements amid increasing global threats.
According to the alliance, here were the top 15 “routinely exploited” vulnerabilities in 2021:
| CVE | Vulnerability Name | Vendor and Product | Type |
| CVE-2021-44228 | Log4Shell | Apache Log4j | Remote code execution (RCE) |
| CVE-2021-40539 | Zoho ManageEngine AD SelfService Plus | RCE | |
| CVE-2021-34523 | ProxyShell | Microsoft Exchange Server | Elevation of privilege |
| CVE-2021-34473 | ProxyShell | Microsoft Exchange Server | RCE |
| CVE-2021-31207 | ProxyShell | Microsoft Exchange Server | Security feature bypass |
| CVE-2021-27065 | ProxyLogon | Microsoft Exchange Server | RCE |
| CVE-2021-26858 | ProxyLogon | Microsoft Exchange Server | RCE |
| CVE-2021-26857 | ProxyLogon | Microsoft Exchange Server | RCE |
| CVE-2021-26855 | ProxyLogon | Microsoft Exchange Server | RCE |
| CVE-2021-26084 | Atlassian Confluence Server and Data Center | Arbitrary code execution | |
| CVE-2021-21972 | VMware vSphere Client | RCE | |
| CVE-2020-1472 | ZeroLogon | Microsoft Netlogon Remote Protocol (MS-NRPC) | Elevation of privilege |
| CVE-2020-0688 | Microsoft Exchange Server | RCE | |
| CVE-2019-11510 | Pulse Secure Pulse Connect Secure | Arbitrary file reading | |
| CVE-2018-13379 | Fortinet FortiOS and FortiProxy | Path traversal |
The cybersecurity authorities also identified a further 21 vulnerabilities that were routinely exploited last year:
| CVE | Vendor and Product | Type |
| CVE-2021-42237 | Sitecore XP | RCE |
| CVE-2021-35464 | ForgeRock OpenAM server | RCE |
| CVE-2021-27104 | Accellion FTA | OS command execution |
| CVE-2021-27103 | Accellion FTA | Server-side request forgery |
| CVE-2021-27102 | Accellion FTA | OS command execution |
| CVE-2021-27101 | Accellion FTA | SQL injection |
| CVE-2021-21985 | VMware vCenter Server | RCE |
| CVE-2021-20038 | SonicWall Secure Mobile Access (SMA) | RCE |
| CVE-2021-40444 | Microsoft MSHTML | RCE |
| CVE-2021-34527 | Microsoft Windows Print Spooler | RCE |
| CVE-2021-3156 | Sudo | Privilege escalation |
| CVE-2021-27852 | Checkbox Survey | Remote arbitrary code execution |
| CVE-2021-22893 | Pulse Secure Pulse Connect Secure | Remote arbitrary code execution |
| CVE-2021-20016 | SonicWall SSLVPN SMA100 | Improper SQL command neutralization, allowing for credential access |
| CVE-2021-1675 | Windows Print Spooler | RCE |
| CVE-2020-2509 | QNAP QTS and QuTS hero | Remote arbitrary code execution |
| CVE-2019-19781 | Citrix Application Delivery Controller (ADC) and Gateway | Arbitrary code execution |
| CVE-2019-18935 | Progress Telerik UI for ASP.NET AJAX | Code execution |
| CVE-2018-0171 | Cisco IOS Software and IOS XE Software | Remote arbitrary code execution |
| CVE-2017-11882 | Microsoft Office | RCE |
| CVE-2017-0199 | Microsoft Office | RCE |
On average, researchers or other actors released proof of concept (POC) code within two weeks of disclosure for the top vulnerabilities.
However, concerningly, the various cybersecurity authorities note identifying malicious cyber actors continuing to exploit vulnerabilities from 2020 or earlier—indicating that failures to patch software are putting users at risk.
(Photo by Florian Schmetz on Unsplash)
Related: Five Eyes warn of Russian cyberattacks on critical infrastructure
Want to learn more about cybersecurity and the cloud from industry leaders? Check out Cyber Security & Cloud Expo taking place in Amsterdam, California, and London.
Explore other upcoming enterprise technology events and webinars powered by TechForge here.
