12 most common vulnerabilities exploited by cybercriminals


The FBI and Cybersecurity and Infrastructure Security Agency published new security guidance July 28 urging public and private organizations to secure their IT networks and unveiled the top 12 commonly exploited vulnerabilities hackers target. 

The FBI and the agency collaborated with the Australian Cyber Security Centre and the United Kingdom's National Cyber Security Centre on the advisory. 

"Four of the most targeted vulnerabilities in 2020 affected remote work, VPNs, or cloud-based technologies," the agencies stated in the report. "Many VPN gateway devices remained unpatched during 2020, with the growth of remote work options challenging the ability of organizations to conduct rigorous patch management." 

Here are the 12 common vulnerabilities and exposures (CVEs) most routinely exploited by malicious cyber actors in 2020, according to the report. 

1. Citrix: CVE-2019-19781 — arbitrary code execution 

2. Pulse: CVE-2019-11510 — arbitrary file reading 

3. Fortinet: CVE-2018-13379 — path traversal 

4. F5 BIG-IP: CVE-2020-5902 — remote code execution 

5. MobileIron: CVE-2020-15505 — remote code execution 

6. Microsoft: CVE-2017-11882 — remote code execution 

7. Atlassian: CVE-2019-11580 — remote code execution 

8. Drupal: CVE-2018-7600 — remote code execution 

9. Telerik: CVE-2019-18935 — remote code execution 

10. Microsoft: CVE-2019-0604 — remote code execution 

11. Microsoft: CVE-2020-0787 — elevation of privilege 

12. Netlogon: CVE-2020-1472 — elevation of privilege 
