A recent SecurityScorecard study has revealed the five most prevalent security vulnerabilities of 2023, and every entry on the list is a flaw in either OpenSSH or Apache HTTP Server.
Supply-chain attacks exploiting MOVEit Transfer and Barracuda Networks' Email Security Gateway appliances have had a significant impact on the threat environment.
Cybercriminal groups like Cl0p are increasingly focusing on new software products, finding zero-day vulnerabilities early and holding them until the product has a sizable user base before exploiting them.
Researchers from SecurityScorecard's Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team have reported between 1,800 and 2,500 vulnerable MOVEit servers spread among about 7,000 organizations, including 200 governmental organizations.
Despite the latest developments, the MOVEit vulnerability did not reach the top five list.
Top 5 vulnerabilities of 2023
- CVE-2021-41617 (OpenSSH 6.2 through 8.7)
- CVE-2020-14145 (OpenSSH 5.7 through 8.4)
- CVE-2022-22719 (Apache HTTP Server 2.4.52 and earlier)
- CVE-2022-22721 (Apache HTTP Server 2.4.52 and earlier)
- CVE-2022-22720 (Apache HTTP Server 2.4.52 and earlier)
CVE-2021-41617 (OpenSSH 6.2 through 8.7)
The CVE-2021-41617 flaw was identified in sshd, the server component of OpenSSH, the most widely deployed implementation of the SSH protocol.
The food and hotel industries, as well as information services, are particularly exposed. The bug only appears in certain non-default configurations: when AuthorizedKeysCommand or AuthorizedPrincipalsCommand is configured to run as a different user, sshd fails to initialize the helper's supplemental groups, so the helper program runs with the group memberships of the sshd process rather than those of the configured user.
A local attacker who can influence such a helper could use those group privileges to escalate and gain unauthorized access to sensitive information or systems.
OpenSSH fixed the issue in version 8.8; servers that do not set the *Command options, or that run them as the default user, are not affected.
CVE-2020-14145 (OpenSSH 5.7 through 8.4)
The OpenSSH vulnerability CVE-2020-14145, which affects the OpenSSH client in versions 5.7 through 8.4, was also found. The entertainment, technology, and healthcare sectors were particularly exposed.
This weakness is classified as an observable discrepancy (CWE-203) that leaks information during algorithm negotiation: the client orders the host key algorithms it advertises differently depending on whether it already has a key for the server in known_hosts. A man-in-the-middle attacker can therefore tell when a client is connecting to a host for the first time, which is exactly when a substituted host key would be accepted without warning.
CVE-2022-22719 (Apache HTTP Server 2.4.52 and earlier)
The most extensively used web server software in the world, Apache HTTP Server, has a high-severity vulnerability in its mod_lua module tracked as CVE-2022-22719. The construction, pharmaceutical, and insurance industries are primarily impacted.
A carefully crafted request body passed to mod_lua's r:parsebody() can cause a read from a random memory area and crash the worker process, so an attacker can use the flaw for a Denial of Service (DoS). The Apache Software Foundation fixed it in version 2.4.53; servers that do not load mod_lua are not exposed.
CVE-2022-22721 (Apache HTTP Server 2.4.52 and earlier)
Apache HTTP Server 2.4 versions up to and including 2.4.52 are vulnerable to CVE-2022-22721. This flaw mostly affects the construction, pharmaceutical, and insurance sectors.
If LimitXMLRequestBody is set to allow request bodies larger than 350MB on a 32-bit system (the default is 1MB), an integer overflow occurs that later leads to out-of-bounds writes, which threat actors could use to crash the server or potentially execute arbitrary code. The fix is in version 2.4.53; organizations that cannot upgrade should keep LimitXMLRequestBody below 350MB (the directive takes a byte count, so the default value of 1000000 is already safe).
CVE-2022-22720 (Apache HTTP Server 2.4.52 and earlier)
An HTTP request smuggling flaw tracked as CVE-2022-22720 was found in Apache HTTP Server versions 2.4.0 to 2.4.52.
When the server encounters an error while discarding the body of a request, it fails to close the inbound connection, so the unread bytes are interpreted as the beginning of the next request on that connection. An attacker who reaches the server through a proxy or load balancer can use this to smuggle a second request past front-end access controls or poison responses delivered to other clients.
The Apache Software Foundation fixed this issue in Apache HTTP Server version 2.4.53.
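Added example, not code from the article or from SecurityScorecard: a small Python triage script that checks OpenSSH and Apache version banners against the inclusive affected ranges of the five CVEs listed above and flags LimitXMLRequestBody values above the 350MB threshold that triggers CVE-2022-22721. The banner lines and the httpd.conf fragment are constructed samples; the banner regexes, the choice of 350 MiB as the byte threshold, and the Apache range of 2.4.0 through 2.4.52 (per the ASF advisory, all three fixed in 2.4.53) are assumptions made here.

```python
"""Triage helper: match service banners against the five CVEs named in the
article and flag risky LimitXMLRequestBody settings.  Added example, not
SecurityScorecard's tooling; banners and config text below are constructed."""
import re

# Inclusive affected ranges.  OpenSSH ranges follow the version spans quoted in
# the article; the Apache issues affect 2.4.0 through 2.4.52 (assumption taken
# from the ASF advisory, all fixed in 2.4.53).
AFFECTED = {
    "openssh": [
        ("CVE-2021-41617", "6.2", "8.7"),
        ("CVE-2020-14145", "5.7", "8.4"),
    ],
    "apache": [
        ("CVE-2022-22719", "2.4.0", "2.4.52"),
        ("CVE-2022-22720", "2.4.0", "2.4.52"),
        ("CVE-2022-22721", "2.4.0", "2.4.52"),
    ],
}

# Banner patterns (assumed): SSH identification string and HTTP Server header.
BANNER_PATTERNS = [
    ("openssh", re.compile(r"OpenSSH_(\d+\.\d+[^\s,]*)")),
    ("apache", re.compile(r"Apache/(\d+\.\d+\.\d+)")),
]

# CVE-2022-22721 needs LimitXMLRequestBody above the advisory's 350MB; the
# directive takes a raw byte count, and 350 MiB is assumed as the cut-off.
XML_BODY_THRESHOLD = 350 * 1024 * 1024


def parse_version(text):
    """'8.4p1' -> (8, 4, 0); '2.4.51' -> (2, 4, 51).  The portable suffix is
    dropped and the tuple padded so both products compare the same way."""
    m = re.match(r"(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def match_cves(product, version_text):
    """Return the CVE ids whose inclusive range contains this version."""
    v = parse_version(version_text)
    return [cve for cve, lo, hi in AFFECTED[product]
            if parse_version(lo) <= v <= parse_version(hi)]


def check_banner(banner):
    """Identify the product and version from one banner line and return
    (product, version, matching CVEs); None if it is neither service."""
    for product, pattern in BANNER_PATTERNS:
        m = pattern.search(banner)
        if m:
            return product, m.group(1), match_cves(product, m.group(1))
    return None


def risky_xml_limits(conf_text, threshold=XML_BODY_THRESHOLD):
    """Byte values of LimitXMLRequestBody directives above the threshold.
    Comment lines are skipped; httpd directive names are case-insensitive."""
    found = []
    for line in conf_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("#"):
            continue
        m = re.match(r"LimitXMLRequestBody\s+(\d+)", stripped, re.IGNORECASE)
        if m and int(m.group(1)) > threshold:
            found.append(int(m.group(1)))
    return found


# Constructed sample input: banners as a scanner would record them and a
# fragment of a hypothetical httpd.conf with an oversized XML body limit.
SAMPLE_BANNERS = [
    "SSH-2.0-OpenSSH_8.4p1 Debian-5",
    "Server: Apache/2.4.51 (Unix)",
    "Server: nginx/1.24.0",
]
SAMPLE_CONF = """\
# constructed httpd.conf fragment
LimitRequestBody 0
<Directory "/var/www/dav">
    LimitXMLRequestBody 524288000
</Directory>
"""

if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        print(banner, "->", check_banner(banner))
    print("risky LimitXMLRequestBody values:", risky_xml_limits(SAMPLE_CONF))
```

Feed it the banners collected by an SSH or HTTP scan and the httpd.conf of each Apache host. Banner matching is a first pass only: distributions such as Debian and Ubuntu backport fixes without changing the advertised version, so a hit should be confirmed against the vendor's changelog or the package version before it is reported as a finding.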
“As we move into the second half of 2023, we anticipate a continuation of this trend of threat actors targeting newly released software products”, says the report.
“Cybercriminal groups are likely to continue to identify and exploit zero-day vulnerabilities, increasing the scope and severity of potential attacks.”