A four-year-old critical security flaw impacting the Fortinet FortiOS SSL VPN has emerged as one of the most routinely and frequently exploited vulnerabilities in 2022.
"In 2022, malicious cyber actors exploited older software vulnerabilities more frequently than recently disclosed vulnerabilities and targeted unpatched, internet-facing systems," cybersecurity and intelligence agencies from the Five Eyes nations, which comprise Australia, Canada, New Zealand, the U.K., and the U.S., said in a joint alert.
The continued weaponization of CVE-2018-13379, which was also among the most exploited bugs in 2020 and 2021, suggests a failure on the part of organizations to apply patches in a timely manner, the authorities said.
"Malicious cyber actors likely prioritize developing exploits for severe and globally prevalent CVEs," according to the advisory. "While sophisticated actors also develop tools to exploit other vulnerabilities, developing exploits for critical, wide-spread, and publicly known vulnerabilities gives actors low-cost, high-impact tools they can use for several years."
CVE-2018-13379 refers to a path traversal defect in the FortiOS SSL VPN web portal that could allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests.
Some of the other widely exploited flaws include:
- CVE-2021-34473, CVE-2021-31207, and CVE-2021-34523 (ProxyShell)
- CVE-2021-40539 (Unauthenticated remote code execution in Zoho ManageEngine ADSelfService Plus)
- CVE-2021-26084 (Unauthenticated remote code execution in Atlassian Confluence Server and Data Center)
- CVE-2021-44228 (Log4Shell)
- CVE-2022-22954 (Remote code execution in VMware Workspace ONE Access and Identity Manager)
- CVE-2022-22960 (Local privilege escalation vulnerability in VMware Workspace ONE Access, Identity Manager, and vRealize Automation)
- CVE-2022-1388 (Unauthenticated remote code execution in F5 BIG-IP)
- CVE-2022-30190 (Follina)
- CVE-2022-26134 (Unauthenticated remote code execution in Atlassian Confluence Server and Data Center)
"Attackers generally see the most success exploiting known vulnerabilities within the first two years of public disclosure and likely target their exploits to maximize impact, emphasizing the benefit of organizations applying security updates promptly," the U.K.'s National Cyber Security Centre (NCSC) said.
"Timely patching reduces the effectiveness of known, exploitable vulnerabilities, possibly decreasing the pace of malicious cyber actor operations and forcing pursuit of more costly and time-consuming methods (such as developing zero-day exploits or conducting software supply chain operations)," the agencies noted.