Skip to main content

Fix now: High risk vulnerabilities at large, June 2020

Fix now: High risk vulnerabilities at large, June 2020

01.Jun.2020
Simon Roe, Product Manager Outpost24
On May 12, 2020 CERT released an alert entitled top 10 routinely exploited vulnerabilities identified by U.S Government, we put them through our predictive risk based vulnerability prioritization tool Farsight to provide more context into the risk.
high risk vulnerabilities

On May 12, 2020 CERT released an alert entitled top 10 routinely exploited vulnerabilities identified by U.S Government, which can be found here: https://www.us-cert.gov/ncas/alerts/aa20-133a

But how dangerous are these CVEs? We put them through our predictive risk based vulnerability prioritization tool Farsight to provide more context into the risk. Let us dig into the top 10 routinely exploited vulnerabilities between 2016 and 2019 in details.

CVE Description CVSS Score Farsight Rating Last seen (Farsight)
CVE-2017-11882 Microsoft Office Memory Corruption Vulnerability 7.8 38.46 2020-05-15
CVE-2017-0199 Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API. 7.8 38.46 2020-05-13
CVE-2017-5638 Jakarta Multipart parser in Apache Struts 2 10.0 38.46 2020-05-12
CVE-2012-0158 MSCOMCTL.OCX RCE Vulnerability 9.3(V2) 38.46 2020-05-12
CVE-2019-0604 Microsoft SharePoint Remote Code Execution Vulnerability 9.8 38.46 2020-05-12
CVE-2017-0143 Windows SMB Remote Code Execution Vulnerability 8.3 38.46 2020-05-12
CVE-2018-4878 Use-after-free vulnerability in Adobe Flash Player 9.8 38.46 2020-05-12
CVE-2017-8759 .NET Framework Remote Code Execution Vulnerability. 7.8 38.46 2020-04-15
CVE-2015-1641 Microsoft Office Memory Corruption Vulnerability 9.3(V2) 38.46 2020-05-16
CVE-2018-7600 DRUPAL RCE vulnerability 9.8 38.46 2020-05-12
(2020) CVE-2019-11510 Pulse Secure arbitrary file reading vulnerability 10.0 38.46 2020-05-16
(2020) CVE-2019-19781 Directory traversal in Citrix ADC 9.8 38.46 2020-05-12

The last two, are honorary mentions in addition to the top 10 as a focus by threat actors since the Covid-19 lockdowns began around the globe. Note: we covered the Pulse CVE back in April.

What does Farsight’s Threat Intelligence tell us?

Firstly as you would expect, all of these vulnerabilities have the highest risk rating – 38.46, this is due to the fact that in most cases there are documented successful exploits in the wild for these vulnerabilities. After all, a successful attack somewhere moves it from a ‘likely to be exploited’ to a ‘has been exploited’.

Next is the Farsight last seen date. This information is currently not available in Outscan, however we can access this information from the raw data. What does it tell us?

At the time of writing only one (CVE-2017-8759) has not seen any attention in May from threat actors, and indeed, most of the vulnerabilities saw an increase in attention in the days after the CERT top 10 announcement had been made. This provides an interesting insight in the lifecycle of a vulnerability, as older vulnerabilities that have been used in exploits previously get renewed media interest, Threat Actors will often take another look to see how these can be used in the current threat landscape. Customers should continue to focus on the real risk of the vulnerability, in all these cases, Farsight rates these as the highest possible risk in terms of exploit likelihood, irrespective of the age of the vulnerability or the activity levels seen by the threat actors.

With such a high risk rating these vulnerabilities should be remediated immediately should they appear in your environments. But if you have to choose, the ones that have not seen any activity or interest in 2020 could be remediated after the majority that are currently being used and discussed.

In summary

The good news is our predictive risk-based management solution Farsight agrees with CERT on the risks posed by these vulnerabilities. Though as mentioned this should be expected due to the nature of these vulnerabilities - having been exploited in the wild. It’s always good to see validation on the risks from external 3rd party sources, and it's also interesting to see that some of these vulnerabilities, even though they are 8 year-old, are still being discussed and used by threat actors against organizations and targets on the internet, confirming once again the need for organizations to maintain cyber hygiene thorough continuous vulnerability assessment.

As always make sure you are remediating these high risk vulnerabilities as soon as you are able to. Subscribe to our email to ensure you get the latest update.

SUBSCRIBE TO OUR EMAIL

Looking for anything in particular?

Type your search word here