In a concerning revelation, cybersecurity agencies from the UK, US, Canada, Australia, and New Zealand, collectively known as the Five Eyes, have published a list of the 15 most exploited software vulnerabilities in 2024. These vulnerabilities underscore the prevalent issue of zero-day flaws and their routine exploitation by malicious actors, often resulting in significant risks to organizations. Ollie Whitehouse, CTO of the UK’s National Cyber Security Centre, emphasizes the need for organizations to promptly apply patches and adopt secure-by-design products to mitigate these threats. The list is a stark reminder of the ongoing challenges in the cybersecurity landscape and the necessity of vigilance and proactive measures.
Citrix holds the dubious honor of occupying the top position on the list due to a remote code execution bug in versions 12 and 13 of NetScaler ADC and Gateway. The same software also takes the second spot because of information leakage issues when configured as a gateway or AAA server. This highlights the critical nature of vulnerabilities in widely used enterprise applications. Cisco, a major player in networking technology, claims the third and fourth positions with flaws in its IOS XE operating system. These flaws enable attackers to elevate privileges to root, underscoring the importance of securing foundational network infrastructure. Fortinet’s FortiOS ranks fifth, affected by a heap-based buffer overflow vulnerability in the FortiProxy setup tool, which could have severe ramifications for security appliances.
The Middle of the Pack: Widespread Issues
Progress MOVEit Transfer occupies the sixth position on the list, plagued by a SQL injection vulnerability that enables attackers to access various SQL databases. This particular flaw demonstrates the risks associated with data transfer applications and the need for stringent validation mechanisms. Atlassian’s Confluence Data Center and Server rank seventh due to an improper input validation flaw that allows admin-level account creation and code execution. This issue highlights the risks in collaboration platforms, which are increasingly critical for remote and distributed work environments. Despite being an older vulnerability from 2021, the enduring Apache Log4j vulnerability ranks eighth, emphasizing the imperative for consistent patching and update practices.
The ninth spot is taken by Barracuda Networks Email Security Gateway, with a persistent input validation issue that has been actively exploited by Chinese attackers. This vulnerability underscores the importance of email security gateways as frontline defenses against cyber threats and the potential consequences when they are compromised. Zoho’s ManageEngine ranks tenth due to a flaw that allows full system compromise through a crafted XML, indicating the risks associated with poor XML parsing and input validation. The eleventh position is occupied by PaperCut’s print management software, which suffers from a year-old flaw granting unauthenticated remote code execution. This demonstrates the potential risks in seemingly mundane software applications that could serve as entry points for attackers.
The Lower End but Still Severe
Microsoft makes its appearance at twelfth with a longstanding Netlogon protocol vulnerability. This flaw is particularly concerning given the widespread use of Microsoft products in enterprise environments and the critical nature of authentication protocols. JetBrains ranks thirteenth due to an authentication bypass in its TeamCity server, highlighting the risks associated with development tools and the importance of securing continuous integration and delivery pipelines. Another Microsoft flaw, this time in Outlook from March 2023, is in fourteenth place. This vulnerability has been exploited by attackers to escalate privileges, showcasing the ongoing challenges in securing email clients and communication tools.
Finally, ownCloud’s open-source file-sharing software rounds out the list, holding the fifteenth position with a flaw scored CVSS 10 that allows the theft of sensitive credentials. This issue underscores the risks associated with file-sharing applications and the critical need for robust security measures to protect sensitive data. The recurring theme throughout the list is the persistent issue of unpatched vulnerabilities, some discovered years earlier but still being actively exploited. This highlights the necessity for organizations to maintain updated security measures, promptly apply patches, and insist on products that are secure by design. The list provides a comprehensive picture of the ongoing threats in the cybersecurity landscape, reinforcing the urgency for network defenders and product developers to prioritize security as an integral aspect of operations and product lifecycle management.