Five most common cybersecurity vulnerabilities in 2023


Research reveals a list of common vulnerabilities, showing that Apache and OpenSSH services are the most vulnerable.

SecurityScorecard researchers have determined the five main vulnerabilities that could be used and exploited by threat actors. They’re urging companies to protect themselves, including against the imminent threats posed by third-party partners.

As indicated by the "State of Third-Party Risk Management" report by Forrester, 55% of security decision-makers who suffered a breach in the last 12 months reported that the breach or incident was connected to a supply chain or third-party provider.

Attacks on the MOVEit and Barracuda Networks still resonate throughout the cyber threat landscape and wide networks of companies and their clients. Cybercriminal groups such as Cl0p are increasingly targeting new software products, discovering zero-day vulnerabilities early and waiting until the product gains a significant user base to exploit them.

“As we move into the second half of 2023, we anticipate a continuation of this trend of threat actors targeting newly released software products,” says Jared Smith, a distinguished Engineer and lead of Research and Development Strategy at SecurityScorecard.

According to the cybersecurity specialist, cybercriminals groups are expected to continue exploiting zero-day vulnerabilities, thereby expanding the range and gravity of potential attacks. Ransomware groups in particular will employ this strategy, aiming to magnify their influence.

So you know what to look out for and keep your business safe, let’s look at the most common vulnerabilities currently being used by threat actors:

1. CVE-2021-41617 (OpenSSH 6.2 through 8.7)

The CVE-2021-41617 vulnerability was discovered in OpenSSH, a widely used suite of networking software that includes the SSH protocol.

The vulnerability mainly affects the food and hospitality sectors, as well as information services. It allows logged users to get around certain security restrictions that are normally in place. This could give them access to sensitive information or systems without the necessary permission.

OpenSSH has since released a patch for this particular vulnerability, so keeping your OpenSSH software up to date is essential to stay safe.

2. CVE-2020-14145 (OpenSSH 5.7 through 8.4)

CVE-2020-14145 was also discovered in OpenSSH, affecting versions 5.7 through 8.4. The vulnerability mainly affected the entertainment, technology, and healthcare industries.

This vulnerability is characterized as an Observable Discrepancy leading to an information leak in the algorithm negotiation process. It allows threat actors to target initial connection attempts.

OpenSSH has mitigated the vulnerability only partially. Users are recommended to only connect to SSH servers with verified host keys to avoid any potential threats.

3. CVE-2022-22719 (Apache HTTP Server 2.4.48 and earlier)

CVE-2022-22719 is a high severity vulnerability associated with the Apache HTTP Server, the world's most widely used web server software. It mainly affects the insurance, pharmaceutical, and construction sectors.

This vulnerability could allow an attacker to cause a Denial of Service (DoS). The Apache Software Foundation has released a fix in version 2.4.49. So updating the software mitigates potential risks.

4. CVE-2022-22721 (Apache HTTP Server 2.4.52 and earlier)

CVE-2022-22721 is a vulnerability that affects Apache HTTP Server 2.4 versions before 2.4.52. This vulnerability also primarily targets the insurace, pharmaceutical and construction industries.

By exploiting this vulnerability, threat actors could possibly execute arbitrary code or cause a DoS. If a company is affected by this issue, they need to change a setting called "LimitXMLRequestBody" and make it smaller than 350MB.

5. CVE-2022-22720 (Apache HTTP Server 2.4.52 and earlier)

CVE-2022-22720 is a DoS vulnerability discovered in the Apache HTTP Server versions 2.4.0 to 2.4.51.

This vulnerability is triggered when the server processes a specially crafted request to a proxied host. This causes the server to enter an infinite loop, consuming all available CPU resources and causing a denial of service.

The Apache Software Foundation has released a patch to address this vulnerability in version 2.4.52 of the Apache HTTP Server.