Insight Into What a CVE Is in Cyber Security

Many businesses that want to keep their data secure are unfamiliar with what a CVE is in cyber security. Find out in this overview from Vulcan Cyber.

David Gruberger | January 24, 2022

Today’s enterprises are increasingly threatened by malicious external actors that exploit flaws in applications or systems to compromise data security. In the process of trying to find the best ways to secure your data, you’ve probably heard the term CVE and wondered what it means. 

So, what is a CVE in cyber security? CVE is short for Common Vulnerabilities and Exposures and refers to a list of publicly disclosed and documented security flaws. When someone refers to "a CVE", however, they usually mean one specific vulnerability on that list, identified by its assigned CVE number.

So then you might ask, "What is a CVE number?" It is the unique identifier assigned to a detected vulnerability. CVE identifiers are assigned by CVE Numbering Authorities (CNAs), of which there are currently over 100, comprising major IT suppliers, security firms, research organizations, and the MITRE Corporation.

Every year, thousands of identified security flaws are reported across different databases, advisory boards, and bug trackers. The CVE number ties those reports together: when you use a CVE search tool, you only need to enter a vulnerability's ID to get detailed information about it.
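The paragraphs above treat the CVE number as the key that lets you look a flaw up across advisories and trackers. The example below is an added illustration, not code from Vulcan Cyber or from the original post: it pulls CVE identifiers out of free text (an advisory, a ticket, a scanner export), normalizes the inconsistent spellings that appear in the wild (the "CVE 2019-11510" form without a hyphen, underscores, lower case), rejects strings that only look like CVE IDs, and returns a de-duplicated, sorted list ready to feed into a lookup. The sample text and the year bounds are constructed assumptions.

```python
import re
from datetime import date
from typing import List, Optional

# A CVE ID is "CVE-" + four-digit year + "-" + a sequence of at least four
# digits (since 2014 the sequence may be longer than four digits).  The
# pattern also accepts a space or underscore as separator, and lower case,
# so that sloppy spellings found in tickets and advisories still match.
_CVE_RE = re.compile(r"\bCVE[\s_-]?(\d{4})[\s_-]?(\d{4,})\b", re.IGNORECASE)

# The CVE program started in 1999; IDs for next year can be reserved early.
_MIN_YEAR = 1999


def normalize_cve(raw: str, max_year: Optional[int] = None) -> Optional[str]:
    """Return the canonical "CVE-YYYY-NNNN" form of one identifier,
    or None if the string is not a plausible CVE ID."""
    if max_year is None:
        max_year = date.today().year + 1
    match = _CVE_RE.fullmatch(raw.strip())
    if match is None:
        return None
    year, seq = match.group(1), match.group(2)
    if not _MIN_YEAR <= int(year) <= max_year:
        return None
    # Keep the sequence digits exactly as written: "0604" must stay "0604".
    return f"CVE-{year}-{seq}"


def extract_cves(text: str) -> List[str]:
    """Find every valid CVE ID in a block of text, de-duplicated and sorted
    by year and then by numeric sequence."""
    found = {}
    for match in _CVE_RE.finditer(text):
        canonical = normalize_cve(match.group(0))
        if canonical is not None:
            found[canonical] = None  # dict keeps insertion order, drops repeats
    return sorted(found, key=lambda cid: tuple(int(p) for p in cid.split("-")[1:]))


# Constructed sample: a ticket-style note mixing spellings, a repeat,
# an impossible year, and a sequence that is too short to be an ID.
SAMPLE_TEXT = """
Patch CVE-2019-19781 and CVE 2019-11510 on the VPN gateways first.
Office hosts still need CVE-2017-11882 and cve-2012-0158 remediated.
CVE-2019-19781 again on the DR site. Ignore CVE-1998-0001 and CVE-2019-1,
those are typos from the scanner export.
"""

if __name__ == "__main__":
    for cve_id in extract_cves(SAMPLE_TEXT):
        print(cve_id)
```

Sorting numerically rather than as strings matters once a year has sequence numbers of different lengths: "CVE-2019-9999" sorts before "CVE-2019-19781" as a string but after it numerically, and the numeric order is the one you want when reconciling against an advisory list.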

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) published an advisory on extensively exploited vulnerabilities, advising that systems be patched to avoid a breach.  

Top Ten Biggest CVEs in the Last Decade

Below are some of the top vulnerabilities of the last 10 years or so to watch out for.

1. CVE-2019-19781

This arbitrary code execution vulnerability in Citrix VPN appliances lets an attacker enumerate system directories and perform directory traversal. They can use it to deploy command and control software and gain unauthorized access to the local operating system.

2. CVE-2019-11510

This is another vulnerability affecting VPNs, in this case an unauthenticated arbitrary file disclosure in Pulse Secure VPN servers. Malicious actors can exploit it to read the contents of system files and obtain local passwords. They can also collect admin session data and replay session tokens, enabling them to run scripts of their choosing on any VPN-connected computer.

Multiple malware attacks, including the REvil/Sodinokibi ransomware, have taken advantage of this vulnerability.

3. CVE-2017-11882

This vulnerability in Microsoft Office allows adversaries to execute arbitrary code in the context of the current user because the software fails to handle objects in memory properly. Known as the Microsoft Office Memory Corruption Vulnerability, it is routinely exploited by attackers because of Microsoft Office's widespread use on personal computers.

Unsurprisingly, this has resulted in a slew of malware and cyber espionage activities, such as the LokiBot. This vulnerability is routinely used by state-sponsored attackers from China, Iran, North Korea, and Russia.

4. CVE-2019-0604

A vulnerability in the XML deserialization component of Microsoft SharePoint allows remote attackers to execute arbitrary code on unprotected server hosts; the software fails to validate the source markup of an application package, and successful exploitation typically ends with a web shell installed on the server. This vulnerability has been exploited in malware phishing campaigns and in the WickrMe/Hello ransomware attacks.

5. CVE-2018-7600

Earlier versions of the Drupal 7 and 8 cores contain a flaw that allows malicious actors to execute arbitrary code as a result of a problem affecting several subsystems with default or common module configurations. A remote attacker sends data that triggers a flaw in the processing of render arrays in the Form API, causing the targeted system to render the attacker-supplied data and run the attacker's code. The Muhstik botnet and XMRig Monero cryptocurrency mining are two malware operations linked to this vulnerability.

6. CVE-2018-20062

This vulnerability, which was identified as the second-most exploited in 2020, allows attackers to execute arbitrary PHP code on numerous IoT devices that use the NoneCMS ThinkPHP framework. Numerous malware campaigns have been associated with the exploitation of this weakness, including the SpeakUp backdoor, the Mirai botnet, and other bitcoin miners.

7. CVE-2012-0158

This flaw affects several Microsoft products and allows malicious cyber actors to run arbitrary code via three delivery vectors: a website, an Office document, or an .rtf file. Once the bait is opened, it triggers "system state" corruption and launches a malware attack on the affected system. As of December 2019, Chinese attackers had repeatedly used this vulnerability in their operations despite its age.

8. CVE-2018-13379

Another VPN-related vulnerability, this one is an unauthenticated directory traversal affecting Fortinet Secure Sockets Layer (SSL) VPN appliances that enables cyber threat actors to read the session file and retrieve clear-text credentials from it. Persistent exploitation of this vulnerability has resulted in several state-sponsored and malware attacks, the most notorious being the Cring ransomware.

9. CVE-2015-1641

This Microsoft Office Memory Corruption Vulnerability affects multiple Microsoft Office products and allows remote attackers to run arbitrary code via a crafted .rtf file. It was among the most exploited vulnerabilities of 2019 and is associated with the Toshliph and UWarrior malware.

10. CVE-2020-1472

While fairly new, this flaw in the Microsoft Windows Netlogon Remote Protocol lets an unauthenticated attacker impersonate a domain-joined computer, including an unprotected domain controller, to obtain domain administrator privileges. Nation-state advanced persistent threat actors have chained it with the MobileIron CVE-2020-15505 flaw, using the latter for initial access, to compromise target networks.

Once you understand what a CVE is in cyber security, the next step is to keep track of the weaknesses that matter to you. Stay on top of existing and emerging vulnerabilities across all potential attack surfaces in your organization with minimal effort and maximum efficiency. Vulcan offers a cyber risk management platform that covers all your bases, from different teams to various tools.

The Vulcan Cyber Remedy Cloud is a free, comprehensive resource for information about the latest vulnerabilities, their severity, and their fixes. Stay ahead of the threats by checking out the Remedy Cloud today.
