CISA Releases Top 10 Most Routinely Exploited Vulnerabilities

Sergey Nivens/

The agency highlighted three threats targeting remote workers though other known issues date back to 2016.

The U.S. government issued an alert Wednesday to cybersecurity professionals nationwide highlighting the ten most commonly exploited security vulnerabilities exploited by foreign actors in recent years.

The list, organized by the Cybersecurity and Infrastructure Security Agency and FBI with input from other agencies, includes vulnerabilities dating back to 2016 as well as three new vulnerabilities commonly exploited in 2020.

The newest vulnerabilities target remote workers—including millions of Americans currently working from home due to coronavirus spread—through unpatched virtual private networks and cloud collaboration services. The CISA alert calls out two specific vulnerabilities and broadly warns IT officials to check for oversights in deploying cloud-based communications software:

  • An arbitrary code execution vulnerability in Citrix VPN appliances, known as CVE-2019-19781, has been detected in exploits in the wild.
  • An arbitrary file reading vulnerability in Pulse Secure VPN servers, known as CVE-2019-11510, continues to be an attractive target for malicious actors.

“Malicious cyber actors are targeting organizations whose hasty deployment of (Microsoft Office 365) may have led to oversights in security configurations and vulnerable to attack,” the alert states. “Cybersecurity weaknesses—such as poor employee education on social engineering attacks and a lack of system recovery and contingency plans—have continued to make organizations susceptible to ransomware attacks in 2020.”

From 2016 to 2019, the most exploited vulnerabilities were: CVE-2017-11882, CVE-2017-0199, CVE-2017-5638, CVE-2012-0158, CVE-2019-0604, CVE-2017-0143, CVE-2018-4878, CVE-2017-8759, CVE-2015-1641 and CVE-2018-7600.

According to the alert, “malicious cyber actors most often exploited vulnerabilities in Microsoft’s Object Linking and Embedding (OLE) technology. OLE allows documents to contain embedded content from other applications such as spreadsheets. After OLE the second-most-reported vulnerable technology was a widespread Web framework known as Apache Struts.”

The alert recommends organizations patch these vulnerabilities immediately.

“Foreign cyber actors continue to exploit publicly known—and often dated—software vulnerabilities against broad target sets, including public and private sector organizations. Exploitation of these vulnerabilities often requires fewer resources as compared with zero-day exploits for which no patches are available,” the alert states.