10 Most Exploited Vulnerabilities of 2022, according to CISA

Here's a look inside.

Each year, the US Cybersecurity & Infrastructure Security Agency publishes a list of the world's most widely exploited vulnerabilities.
The data is collected from CISA's partners in the US, including the FBI and NSA, as well as National Cyber Security Centers across Australia, Canada, New Zealand, and the UK.

This annual list represents one of the most accurate and up-to-date resources for organizations seeking to understand and defend against their highest priority CVEs.

Key Findings

Typically, recently disclosed vulnerabilities offer hackers the greatest likelihood of success since it usually takes up to two years for patches to reach widespread adoption. However, in 2022, malicious actors focused their efforts on exploiting older software vulnerabilities, rather than developing new exploits. This may be because PoC code for older vulnerabilities are now widely available, helping to facilitate the development, execution, and spread of malicious exploits.

As usual, major targets included unpatched, internet-facing systems with a focus on critical and globally prevalent vulnerabilities. However, it's important to note that more sophisticated actors specializing in a particular industry continue to develop niche exploitations for their target sectors.

The 10 Most Exploited Vulnerabilities of 2022

CVE-2018-13379 - Path Traversal
This vulnerability has been around for several years and affects Fortinet SSL VPNs. The fact that it continues to be exploited suggests that end users have been slow in applying patches.

CVE-2021-34473, CVE-2021-31207, CVE-2021-34523 – Remote Code Execution
These vulnerabilities target Microsoft Exchange email servers. The vulnerabilities are present within the CAS (Client Access Service) which is often exposed to the internet, allowing users to access their emails. A successful attack will enable hackers to perform remote code execution.

CVE-2021-40539 - Authentication Bypass
Due to a vulnerability in a third-party dependency, Zoho ManageEngine ADSelfService Plus has been vulnerable to authentication bypass leading to remote code execution.

CVE-2021-26084 - OGNL Injection
This vulnerability reached mass exploitation extremely quickly. It affects the Atlassian Confluence Server and Data Center, and allows attackers to execute malicious code on infected systems.

CVE-2021-44228 – Remote Code Execution
The infamous Log4Shell vulnerability, affecting Apache's Log4j library. First released in 2021, it remained popular throughout 2022. Attackers leverage specially crafted requests to execute arbitrary code leading to full system control. This is often used to launch ransomware.

CVE-2022-22954, CVE-2022-22960 - Server-Side Template Injection
These vulnerabilities affect several VMware products, and first appeared in 2022. A successful exploitation will lead to server-side template injection and, ultimately, remote code execution.

CVE-2022-1388 - Missing Authentication
Hackers leverage this vulnerability to bypass iControl REST authentication. It affects F5 BIG-IP 16.1.x versions prior to, 15.1.x versions prior to, 14.1.x versions prior to, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions.


To mitigate these vulnerabilities, CISA recommends that vendors and developers follow the Secure Software Development Framework (SSDF), implement SDLC principles during development, and establish a vulnerability disclosure program to determine the root causes of discovered flaws.

In addition, end users are advised to implement an effective patch management system and leverage common security tools including firewalls, EDR systems, and network protocol analyzers.

Finally, all organizations should perform security due diligence before partnering with solution providers, downloading applications, or leveraging software dependencies.

Read the full CISA advisory: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a

Silent Breach security experts possess decades of experience protecting organizations against their greatest digital threats. Contact an expert today for a free consultation.

Similar Reads:
Top 10 Challenges Facing CISOs in 2023
Leveraging Threat Intelligence to Defend Against Ransomware
Transforming Cybersecurity with Predictive Breach Detection

About Silent Breach: Silent Breach is an award-winning provider of cyber security services. Our global team provides cutting-edge insights and expertise across the Data Center, Enterprise, SME, Retail, Government, Finance, Education, Automotive, Hospitality, Healthcare and IoT industries.