Qualys Survey of Top 10 Exploited Vulnerabilities in 2023
– Saeed Abbasi
Based on the provided information, here is a summary of the top 6 vulnerabilities:
1) **CVE-2023-28252** – Windows Common Log File System (CLFS) Driver Vulnerability
– QDS Score: 95
– CVSS Score: 7) 8
– Description: A critical vulnerability in the Windows Common Log File System driver that can be exploited to acquire system-level privileges.
This vulnerability has been weaponized and used to distribute ransomware.
2) **CVE-2023-29059** – 3CX Desktop Client Supply Chain Vulnerability
– QDS Score: 95
– CVSS Score: 7) 8
– Description: A set of critical supply chain vulnerabilities in the 3CX VOIP desktop client tool.
Attackers have trojanized legitimate versions of the 3CX desktop app, allowing them to compromise Windows and macOS platforms and harvest system details and credentials.
3) **CVE-2023-34362** – MOVEit Transfer Injection Vulnerability
– QDS Score: 100
– CVSS Score: 9) 8
– Description: A severe vulnerability in the MOVEit Transfer file transfer solution.
This vulnerability allows for SQL injection attacks, leading to the execution of arbitrary code and potential data breaches.
4) **CVE-2023-23397** – Microsoft Outlook Elevation of Privilege Vulnerability
– QDS Score: 95
– CVSS Score: N/A
– Description: An elevation of privilege vulnerability in Microsoft Outlook that allows attackers to bypass authentication measures and gain unauthorized access to confidential data.
Exploitation can be triggered by processing a specially crafted email.
5) **CVE-2023-0669** – Fortra GoAnywhere Managed File Transfer (MFT) Remote Code Execution (RCE) Vulnerability
– QDS Score: 95
– CVSS Score: N/A
– Description: A command injection flaw in Fortra’s GoAnywhere Managed File Transfer (MFT) tool.
Attackers with public internet access to the administrative console can execute remote code on unpatched versions, potentially leading to data breaches.
6) **CVE-2023-24880** – Windows SmartScreen Security Feature Bypass Vulnerability
– QDS Score: 95
– CVSS Score: 4) 4
– Description: A vulnerability that compromises the Windows SmartScreen security feature.
Attackers can bypass essential security checks and spread malware through crafted malicious files.
It is important to prioritize the remediation of these vulnerabilities based on their associated risks.
Qualys recommends focusing on vulnerabilities with a score of 95 or higher, followed by those scoring above 90, and finally, those with a score of 70 or above.
Additionally, maintaining an accurate inventory of externally facing assets and using automated patch deployment can help reduce risk.
Link: https://vulners.com/qualysblog/QUALYSBLOG:704379EA1612C53EE57CDA4E1A35EF45