In 2024 cybercriminals made the most of vulnerabilities that were already publicly known, frequently targeting systems before organisations could apply the necessary patches. The top vulnerabilities list is compiled by worldwide cyber security organisations such as the ACSC (Australian Cyber Security Centre) in Australia, and it underlines the urgency of preventative protection. In this blog we explore these weaknesses and give Australian companies practical tips on improving their resilience against cyber attacks.
Top 15 Routinely Exploited Vulnerabilities in 2023
Cyber actors relied on these vulnerabilities most in 2023 and 2024. They are glaring illustrations of how unpatched systems can expose businesses to ransomware, data theft, and security breaches.
| CVE | Product(s) | Vulnerability Type | Impact |
|---|---|---|---|
| CVE-2023-3519 | Citrix NetScaler ADC, NetScaler Gateway | Code Injection | Allows unauthenticated attackers to exploit a stack buffer overflow. |
| CVE-2023-4966 | Citrix NetScaler ADC, NetScaler Gateway | Buffer Overflow | Allows session token leakage (Citrix Bleed vulnerability). |
| CVE-2023-20198 | Cisco IOS XE Web UI | Privilege Escalation | Enables unauthorised users to create accounts and gain access. |
| CVE-2023-20273 | Cisco IOS XE | OS Command Injection | Allows privilege escalation to root. |
| CVE-2023-27997 | Fortinet FortiOS, FortiProxy SSL-VPN | Heap-Based Buffer Overflow | Allows remote code execution. |
| CVE-2023-34362 | Progress MOVEit Transfer | SQL Injection | Enables API access token abuse leading to remote code execution. |
| CVE-2023-22515 | Atlassian Confluence Data Center and Server | Broken Access Control | Allows attackers to create administrator accounts and upload malicious plugins. |
| CVE-2021-44228 | Apache Log4j2 (Log4Shell) | Remote Code Execution (RCE) | Allows attackers to take full control of a vulnerable system. |
| CVE-2023-2868 | Barracuda ESG Appliance | Improper Input Validation | Allows remote command execution. |
| CVE-2022-47966 | Zoho ManageEngine Products | Remote Code Execution | Exploited via SAML endpoint to execute arbitrary code. |
| CVE-2023-27350 | PaperCut MF/NG | Improper Access Control | Allows bypassing authentication and executing code. |
| CVE-2020-1472 | Microsoft Netlogon | Privilege Escalation | Allows unauthorised users to establish vulnerable connections to domain controllers. |
| CVE-2023-42793 | JetBrains TeamCity Servers | Authentication Bypass | Allows remote code execution. |
| CVE-2023-23397 | Microsoft Office Outlook | Privilege Escalation | Triggered by specially crafted emails, even without user interaction. |
| CVE-2023-49103 | ownCloud graphapi | Information Disclosure | Allows unauthenticated users to access sensitive data like admin passwords. |
Additional Routinely Exploited Vulnerabilities
These additional vulnerabilities were also routinely targeted by malicious actors in 2023 and 2024:
| CVE | Product | Vulnerability Type |
|---|---|---|
| CVE-2023-22518 | Atlassian Confluence Data Center and Server | Improper Authorisation |
| CVE-2023-29492 | Novi Survey | Insecure Deserialisation |
| CVE-2021-27860 | FatPipe WARP, IPVPN, and MPVPN | Configuration Upload Exploit |
| CVE-2021-40539 | Zoho ManageEngine ADSelfService Plus | Authentication Bypass |
| CVE-2023-0669 | Fortra GoAnywhere MFT | Remote Code Execution |
| CVE-2021-22986 | F5 BIG-IP and BIG-IQ | Server-Side Request Forgery (SSRF) |
| CVE-2019-0708 | Microsoft Remote Desktop Services | Remote Code Execution |
| CVE-2018-13379 | Fortinet FortiOS SSL-VPN | Path Traversal |
| CVE-2022-3236 | Sophos Firewall | Code Injection |
| CVE-2021-26084 | Atlassian Confluence | OGNL Injection |
| CVE-2022-26134 | Atlassian Confluence | Remote Code Execution |
| CVE-2023-38831 | WinRAR | Code Execution |
| CVE-2021-33044 | Dahua Products | Authentication Bypass |
| CVE-2019-11510 | Ivanti Pulse Connect Secure | Arbitrary File Read |
Key Takeaways: Cybercriminals exploited zero-day vulnerabilities relentlessly. Pay particular attention to the internet-reachable systems that are mission-critical for your organisation.
Why Businesses Should Pay Attention
According to the ACSC, malicious cyber actors begin exploiting these vulnerabilities as soon as they become public. Any organisation that does not patch its systems in time therefore carries severe financial and reputational exposure.
- Recent Attacks: Many of the attacks on Australian businesses have hit sectors including government, healthcare, and finance.
- Zero-Day Exploits: In 2023, zero-day vulnerabilities were exploited more than in previous years, reflecting the growing proficiency of cyber actors.
Mitigation Strategies for 2024
- Centralised Patch Management: Establish a centralised patch management system so that every system receives current patches, with internet-facing and mission-critical assets prioritised.
- Endpoint Security: Deploy endpoint detection and response (EDR) tools so that suspicious activity is detected early.
- Access Control: Enforce multi-factor authentication for all user accounts, especially on remote access systems and VPNs.
- System Hardening: Apply secure configurations, close redundant ports, and eliminate default passwords.
- Incident Response Plans: Test incident response procedures regularly so that recovery is prompt in the event of an attack.
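Centralised patch management works best when the advisory list is joined against an asset inventory so that internet-reachable, mission-critical systems are patched first. The script below is an added example, not code from the original post or from ARANKISH: it parses rows in the pipe-delimited table format used above and ranks a constructed (hypothetical) inventory by exposure and criticality. Affected version ranges are deliberately not modelled and must be confirmed against each vendor advisory.

```python
"""Rank inventory assets against the routinely exploited CVE list (added example)."""
import re
from dataclasses import dataclass

# Constructed excerpt of the advisory table above, in the same pipe-delimited form.
ADVISORY_TABLE = """
| CVE | Product(s) | Vulnerability Type |
| CVE-2023-4966 | Citrix NetScaler ADC, NetScaler Gateway | Buffer Overflow |
| CVE-2023-34362 | Progress MOVEit Transfer | SQL Injection |
| CVE-2021-44228 | Apache Log4j2 (Log4Shell) | Remote Code Execution (RCE) |
| CVE-2023-23397 | Microsoft Office Outlook | Privilege Escalation |
"""

@dataclass
class Asset:
    name: str
    product: str
    internet_facing: bool
    mission_critical: bool

# Constructed asset inventory; hostnames and products are hypothetical.
INVENTORY = [
    Asset("vpn-gw-01", "Citrix NetScaler Gateway", True, True),
    Asset("mft-01", "Progress MOVEit Transfer", True, False),
    Asset("erp-app-02", "Apache Log4j2", False, True),
    Asset("fileshare-03", "Samba", False, False),
]

def parse_advisory(table: str) -> dict[str, str]:
    """Return {cve: products} from pipe-delimited rows; header/non-CVE rows are skipped."""
    entries = {}
    for line in table.strip().splitlines():
        cells = [c.strip() for c in line.strip("| ").split("|")]
        if len(cells) >= 2 and re.fullmatch(r"CVE-\d{4}-\d{4,}", cells[0]):
            entries[cells[0]] = cells[1]
    return entries

def priority(asset: Asset) -> int:
    """Higher score = patch sooner: internet exposure outweighs criticality."""
    return (2 if asset.internet_facing else 0) + (1 if asset.mission_critical else 0)

def prioritise(inventory: list[Asset], advisory: dict[str, str]) -> list[tuple[str, str, int]]:
    """Match assets to listed CVEs when every word of the product name appears in the advisory entry."""
    hits = [(a.name, cve, priority(a))
            for a in inventory for cve, products in advisory.items()
            if all(w in products.lower() for w in a.product.lower().split())]
    return sorted(hits, key=lambda h: -h[2])

if __name__ == "__main__":
    for host, cve, score in prioritise(INVENTORY, parse_advisory(ADVISORY_TABLE)):
        print(f"{score} {host:14} {cve}")
```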
Conclusion
As the list of frequently exploited vulnerabilities in 2023 and 2024 shows, monitoring, cyber hygiene, and timely patching are necessities for protecting companies. By acting on these vulnerabilities and building resilience now, organisations can stand firm against hackers in 2024.
Connect with ARANKISH now for a specialised cyber security assessment or to improve your patch management approach.