Next Gen Security Testing Services

Business Security Essentials | Most Routinely Exploited Vulnerabilities 2022

Business Security Essentials – What are the most routinely exploited Vulnerabilities in 2022?

From remote code execution and privilege escalation to security bypasses and path traversal, software vulnerabilities are a threat actor’s stock-in-trade for initial access and compromise. In the past 12 months, we’ve seen a number of new flaws, including Log4Shell, ProxyShell, and ProxyLogon, being exploited in attacks against enterprises.

CveIDVendorProjectProductVulnerabilityNameshortDescriptionrequiredAction
CVE-2022-22587AppleiOS and macOSApple Memory Corruption VulnerabilityApple IOMobileFrameBuffer contains a memory corruption vulnerability which can allow a malicious application to execute arbitrary code with kernel privileges.Apply updates per vendor instructions.
CVE-2022-21882MicrosoftWin32kMicrosoft Win32k Privilege Escalation VulnerabilityMicrosoft Win32k contains an unspecified vulnerability which allows for privilege escalation.Apply updates per vendor instructions.
CVE-2022-22620AppleWebkitApple Webkit Remote Code Execution VulnerabilityApple Webkit, which impacts iOS, iPadOS, and macOS, contains a vulnerability which allows for remote code execution.Apply updates per vendor instructions.
CVE-2022-24086AdobeCommerce and Magento Open SourceAdobe Commerce and Magento Open Source Improper Input Validation VulnerabilityAdobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution.Apply updates per vendor instructions.
CVE-2022-0609GoogleChromeGoogle Chrome Use-After-Free VulnerabilityThe vulnerability exists due to a use-after-free error within the Animation component in Google Chrome.Apply updates per vendor instructions.
CVE-2022-23131ZabbixFrontendZabbix Frontend Authentication Bypass VulnerabilityUnsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML.Apply updates per vendor instructions.
CVE-2022-23134ZabbixFrontendZabbix Frontend Improper Access Control VulnerabilityMalicious actors can pass step checks and potentially change the configuration of Zabbix Frontend.Apply updates per vendor instructions.
CVE-2022-24682ZimbraWebmailZimbra Webmail Cross-Site Scripting VulnerabilityZimbra webmail clients running versions 8.8.15 P29 & P30 contain a XSS vulnerability that would allow attackers to steal session cookie files.Apply updates per vendor instructions.
CVE-2022-20708CiscoSmall Business RV160, RV260, RV340, and RV345 Series RoutersCisco Small Business RV Series Routers Stack-based Buffer Overflow VulnerabilityA vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).Apply updates per vendor instructions.
CVE-2022-20703CiscoSmall Business RV160, RV260, RV340, and RV345 Series RoutersCisco Small Business RV Series Routers Stack-based Buffer Overflow VulnerabilityA vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).Apply updates per vendor instructions.
CVE-2022-20701CiscoSmall Business RV160, RV260, RV340, and RV345 Series RoutersCisco Small Business RV Series Routers Stack-based Buffer Overflow VulnerabilityA vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).Apply updates per vendor instructions.
CVE-2022-20700CiscoSmall Business RV160, RV260, RV340, and RV345 Series RoutersCisco Small Business RV Series Routers Stack-based Buffer Overflow VulnerabilityA vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).Apply updates per vendor instructions.
CVE-2022-20699CiscoSmall Business RV160, RV260, RV340, and RV345 Series RoutersCisco Small Business RV Series Routers Stack-based Buffer Overflow VulnerabilityA vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).Apply updates per vendor instructions.
CVE-2022-26486MozillaFirefoxMozilla Firefox Use-After-Free VulnerabilityMozilla Firefox contains a use-after-free vulnerability in WebGPU IPC Framework which can be exploited to perform arbitrary code execution.Apply updates per vendor instructions.
CVE-2022-26485MozillaFirefoxMozilla Firefox Use-After-Free VulnerabilityMozilla Firefox contains a use-after-free vulnerability in XSLT parameter processing which can be exploited to perform arbitrary code execution.Apply updates per vendor instructions.
CVE-2022-26318WatchGuardFirebox and XTM AppliancesWatchGuard Firebox and XTM Appliances Arbitrary Code ExecutionOn WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code.Apply updates per vendor instructions.
CVE-2022-26143MitelMiCollab, MiVoice Business ExpressMiCollab, MiVoice Business Express Access Control VulnerabilityA vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive information and services, cause performance degradations or a denial of service condition on the affected system.Apply updates per vendor instructions.
CVE-2022-21999MicrosoftWindowsMicrosoft Windows Print Spooler Privilege Escalation VulnerabilityMicrosoft Windows Print Spooler contains an unspecified vulnerability which can allow for privilege escalation.Apply updates per vendor instructions.
CVE-2022-1096GoogleChromium V8Google Chromium V8 Type Confusion VulnerabilityThe vulnerability exists due to a type confusion error within the V8 component in Chromium, affecting all Chromium-based browsers.Apply updates per vendor instructions.
CVE-2022-0543RedisDebian-specific Redis ServersDebian-specific Redis Server Lua Sandbox Escape VulnerabilityRedis is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.Apply updates per vendor instructions.
CVE-2022-26871Trend MicroApex CentralTrend Micro Apex Central Arbitrary File Upload VulnerabilityAn arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution.Apply updates per vendor instructions.
CVE-2022-1040SophosFirewallSophos Firewall Authentication Bypass VulnerabilityAn authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution.Apply updates per vendor instructions.
CVE-2022-22965VMwareSpring FrameworkSpring Framework JDK 9+ Remote Code Execution VulnerabilitySpring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.Apply updates per vendor instructions.
CVE-2022-22675ApplemacOSApple macOS Out-of-Bounds Write VulnerabilitymacOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges.Apply updates per vendor instructions.
CVE-2022-22674ApplemacOSApple macOS Out-of-Bounds Read VulnerabilitymacOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory.Apply updates per vendor instructions.
CVE-2022-23176WatchGuardFirebox and XTMWatchGuard Firebox and XTM Privilege Escalation VulnerabilityWatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access.Apply updates per vendor instructions.
CVE-2022-24521MicrosoftWindowsMicrosoft Windows CLFS Driver Privilege Escalation VulnerabilityMicrosoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation.Apply updates per vendor instructions.
CVE-2022-22954VMwareWorkspace ONE Access and Identity ManagerVMware Workspace ONE Access and Identity Manager Server-Side Template Injection VulnerabilityVMware Workspace ONE Access and Identity Manager allow for remote code execution due to server-side template injection.Apply updates per vendor instructions.
CVE-2022-22960VMwareMultiple ProductsVMware Multiple Products Privilege Escalation VulnerabilityVMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts.Apply updates per vendor instructions.
CVE-2022-1364GoogleChromium V8 EngineGoogle Chromium V8 Type Confusion VulnerabilityGoogle Chromium V8 engine contains a type confusion vulnerability.Apply updates per vendor instructions.
CVE-2022-22718MicrosoftWindowsMicrosoft Windows Print Spooler Privilege Escalation VulnerabilityMicrosoft Windows Print Spooler contains an unspecified vulnerability which allow for privilege escalation.Apply updates per vendor instructions.
CVE-2022-29464WSO2Multiple ProductsWSO2 Multiple Products Unrestrictive Upload of File VulnerabilityMultiple WSO2 products allow for unrestricted file upload, resulting in remote code execution.Apply updates per vendor instructions.
CVE-2022-26904MicrosoftWindowsMicrosoft Windows User Profile Service Privilege Escalation VulnerabilityMicrosoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.Apply updates per vendor instructions.
CVE-2022-21919MicrosoftWindowsMicrosoft Windows User Profile Service Privilege Escalation VulnerabilityMicrosoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.Apply updates per vendor instructions.
CVE-2022-0847LinuxKernelLinux Kernel Privilege Escalation VulnerabilityLinux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. This vulnerability has the moniker of “Dirty Pipe.”Apply updates per vendor instructions.
CVE-2022-1388F5BIG-IPF5 BIG-IP Missing Authentication VulnerabilityF5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, or disabling services.Apply updates per vendor instructions.
CVE-2022-30525ZyxelMultiple FirewallsZyxel Multiple Firewalls OS Command Injection VulnerabilityA command injection vulnerability in the CGI program of some Zyxel firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.Apply updates per vendor instructions.
CVE-2022-22947VMwareSpring Cloud GatewayVMware Spring Cloud Gateway Code Injection VulnerabilitySpring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured.Apply updates per vendor instructions.
CVE-2022-20821CiscoIOS XRCisco IOS XR Open Port VulnerabilityCisco IOS XR software health check opens TCP port 6379 by default on activation. An attacker can connect to the Redis instance on the open port and allow access to the Redis instance that is running within the NOSi container.Apply updates per vendor instructions.
CVE-2022-26134AtlassianConfluence Server/Data CenterAtlassian Confluence Server and Data Center Remote Code Execution VulnerabilityAtlassian Confluence Server and Data Center contain a remote code execution vulnerability that allows for an unauthenticated attacker to perform remote code execution.Immediately block all internet traffic to and from affected products AND apply the update per vendor instructions [https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html] OR remove the affected products by the due date on the right. Note: Once the update is successfully deployed, agencies can reassess the internet blocking rules.
CVE-2022-31460Owl LabsMeeting Owl Pro and Whiteboard OwlMeeting Owl Pro and Whiteboard Owl Hard-Coded Credentials VulnerabilityOwl Labs Meeting Owl and Whiteboard Owl allow attackers to activate Tethering Mode with hard-coded hoothoot credentials via a certain c 150 value.Apply updates per vendor instructions.
CVE-2022-30190MicrosoftWindowsMicrosoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution VulnerabilityA remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application.Apply updates per vendor instructions.
CVE-2022-29499MitelMiVoice ConnectMitel MiVoice Connect Data Validation VulnerabilityThe Service Appliance component in Mitel MiVoice Connect allows remote code execution due to incorrect data validation.Apply updates per vendor instructions.
CVE-2022-26925MicrosoftWindowsMicrosoft Windows LSA Spoofing VulnerabilityMicrosoft Windows Local Security Authority (LSA) contains a spoofing vulnerability where an attacker can coerce the domain controller to authenticate to the attacker using NTLM.Apply remediation actions outlined in CISA guidance [https://www.cisa.gov/guidance-applying-june-microsoft-patch].
CVE-2022-22047MicrosoftWindowsMicrosoft Windows Client Server Runtime Subsystem (CSRSS) Privilege Escalation VulnerabilityMicrosoft Windows CSRSS contains an unspecified vulnerability which allows for privilege escalation to SYSTEM privileges.Apply updates per vendor instructions.
 

Mitigations

Vulnerability and Configuration Management

  • Update software, operating systems, applications, and firmware on IT network assets in a timely manner. Prioritize patching known exploited vulnerabilities, especially those CVEs identified in this CSA, and then critical and high vulnerabilities that allow for remote code execution or denial-of-service on internet-facing equipment. For patch information on CVEs identified in this CSA, refer to the appendix. 
    • If a patch for a known exploited or critical vulnerability cannot be quickly applied, implement vendor-approved workarounds.
  • Use a centralized patch management system.
  • Replace end-of-life software, i.e., software that is no longer supported by the vendor. For example, Accellion FTA was retired in April 2021.
  • Organizations that are unable to perform rapid scanning and patching of internet-facing systems should consider moving these services to mature, reputable cloud service providers (CSPs) or other managed service providers (MSPs). Reputable MSPs can patch applications—such as webmail, file storage, file sharing, and chat and other employee collaboration tools—for their customers. However, as MSPs and CSPs expand their client organization’s attack surface and may introduce unanticipated risks, organizations should proactively collaborate with their MSPs and CSPs to jointly reduce that risk. For more information and guidance, see the following resources.