Five Eyes Agencies Call Attention to Most Frequently Exploited Vulnerabilities

Five Eyes government agencies have published a list of the software vulnerabilities that were most frequently exploited in malicious attacks in 2022.

Government agencies in Australia, Canada, New Zealand, the UK, and the US have published a list of the software vulnerabilities that were most frequently exploited in malicious attacks in 2022.

Last year, the Five Eyes agencies say, threat actors mainly targeted internet-facing systems that were not patched against older, known vulnerabilities, including flaws for which proof-of-concept (PoC) exploit code exists publicly.

“Malicious cyber actors generally have the most success exploiting known vulnerabilities within the first two years of public disclosure—the value of such vulnerabilities gradually decreases as software is patched or upgraded. Timely patching reduces the effectiveness of known, exploitable vulnerabilities, possibly decreasing the pace of malicious cyber actor operations,” the agencies note.

Threat actors, the agencies say, likely focus on exploits for severe vulnerabilities that have wider impact, which provides them with “low-cost, high-impact tools” that can be used for years, and prioritize exploits for bugs impacting the networks of their specific targets.

Throughout 2022, the reporting agencies observed the frequent exploitation of 12 vulnerabilities, some of which were exploited in previous attacks as well, although patches have been available for years.

The list includes CVE-2018-13379 (Fortinet SSL VPNs), CVE-2021-34473, CVE-2021-31207, CVE-2021-34523 (Microsoft Exchange, ProxyShell), CVE-2021-40539 (Zoho ManageEngine ADSelfService Plus), CVE-2021-26084, CVE-2022-26134 (Atlassian Confluence), CVE-2021-44228 (Log4Shell), CVE-2022-22954, CVE-2022-22960 (VMware products), CVE-2022-1388 (F5 BIG-IP), and CVE-2022-30190 (Windows, Follina).

Additionally, the Five Eyes agencies call attention to 30 other known vulnerabilities that were routinely exploited in attacks in 2022, in products from Apache, Citrix, F5 Networks, Fortinet, Ivanti, Microsoft, Oracle, QNAP, SAP, SonicWall, VMware, WSO2, and Zimbra.

Vendors and developers are advised to audit their environments to identify classes of exploited vulnerabilities and eliminate them, implement secure design practices, prioritize secure-by-default configurations, and follow the Secure Software Development Framework (SSDF).

End-user organizations are advised to apply available software updates and patches in a timely manner, perform secure system backups, maintain a cybersecurity incident response plan, implement robust identity and access management policies, ensure that internet-facing network devices are secured, implement Zero Trust Network Architecture (ZTNA), and improve their supply-chain security.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
