A flaw in Fortinet software was the most abused vulnerability of 2022, according to a recent survey by U.S. security and cybersecurity agencies. Microsoft also features prominently among the commonly abused vulnerabilities.
In their overview, the FBI, the NSA and cybersecurity watchdog CISA indicate that over the past year hackers have increasingly shifted their attention to exploiting older vulnerabilities in software rather than newly discovered ones. In particular, hackers are targeting unpatched systems that are exposed to the Internet.
Fortinet vulnerability most exploited
The overview of the 12 most exploited vulnerabilities in 2022 shows that a vulnerability in Fortinet's software was the most exploited. It concerns CVE-2018-13379, which affects various versions of the FortiOS operating system and FortiProxy.
This vulnerability, which involves SSL VPN login credentials, can allow unauthenticated hackers to download files via specially crafted HTTP requests.
Other vulnerabilities
Microsoft also features prominently in the published list: Microsoft vulnerabilities take second, third, fourth and 11th place. The first three, CVE-2021-34473, CVE-2021-31207 and CVE-2021-34523, are vulnerabilities in Exchange Server. The last one, CVE-2022-30190, involves multiple products.
The list of the 12 most exploited vulnerabilities also includes products from VMware (twice), Atlassian (twice), Zoho, F5 Networks and Apache.