The Top 15 Most Exploited Software Vulnerabilities of 2021

According to the “Top Routinely Exploited Vulnerabilities” report, some of 2021’s top 15 most exploited software vulnerabilities affect products from companies like Microsoft, Apache and VMware.

The report was released by cybersecurity authorities from the Five Eyes nations: Australia, Canada, New Zealand, the U.K., and the U.S.

Some of the weaponized flaws included a remote code execution bug in Microsoft Exchange Server (CVE-2020-0688), an arbitrary file read vulnerability in Pulse Secure Pulse Connect Secure (CVE-2019-11510), and a path traversal defect in Fortinet FortiOS and FortiProxy (CVE-2018-13379).

Nine of the top 15 were remote code execution vulnerabilities. The others included elevation of privilege and arbitrary code execution flaws.

“Globally, in 2021, malicious cyber actors targeted internet-facing systems, such as email servers and virtual private network (VPN) servers, with exploits of newly disclosed vulnerabilities,” the agencies said in a joint advisory.

“For most of the top exploited vulnerabilities, researchers or other actors released proof of concept (PoC) code within two weeks of the vulnerability’s disclosure, likely facilitating exploitation by a broader range of malicious actors.”

To mitigate the risk of these publicly known software vulnerabilities, the agencies recommend applying patches in a timely manner and implementing a centralized patch management system.

Story via The Hacker News
