Vulnerability Trends Summary

As part of our monthly vulnerability trends series, this report lists the month's top 10 security vulnerabilities and how hackers, malware, and exploit kits are exploiting them. For each vulnerability we assign a trend value, expressed as a percentage, that reflects how much attention it is gaining from the cybersecurity community, attackers, and malware. Companies can use the report to gain cyber threat insight and to anticipate attack waves that might target their public assets in the following months.

Subscribe to the monthly vulnerability digest report by clicking here.

Download the full vulnerability digest report by clicking here.

The following chart shows the trends.

In December 2020, the SolarWinds compromise grabbed the majority of community attention because of its impact on large organizations, security companies, and government entities that use SolarWinds products.
However, 2020 ended with many other critical security vulnerabilities as well, such as the Struts 2 RCE and the Contact Form 7 arbitrary file upload.

The following table shows the details of the trends.

| CVE | Vulnerability | Publish Date | Exploited | Trends* |
|---|---|---|---|---|
| CVE-2020-17530 | Remote Code Execution in Struts 2 | 08/11/2020 | Yes | 18% |
| CVE-2020-10148 | Remote Code Execution in SolarWinds | 26/11/2020 | Yes | 15% |
| CVE-2020-8554 | MiTM in Kubernetes | 07/11/2020 | Yes | 14% |
| CVE-2020-35489 | Arbitrary File Upload in Contact Form 7 | 17/11/2020 | Yes | 10% |
| CVE-2020-29583 | Default Account in ZYXEL devices | 22/11/2020 | Yes | 10% |
| CVE-2020-35606 | Command Execution in Webmin | 21/11/2020 | Yes | 7% |
| CVE-2020-1971 | Denial of Service in OpenSSL | 08/11/2020 | No | 7% |
| CVE-2020-29492 | Insecure Configuration in Wyse Dell | 21/11/2020 | Yes | 7% |
| CVE-2020-25179 | Unprotected Credentials in GE Ultrasound Products | 09/11/2020 | No | 6% |
| CVE-2020-17141 | Remote Code Execution in MS Exchange Server | 09/11/2020 | Yes | 6% |

1. CVE-2020-17530

Apache Struts 2 has a remote code execution vulnerability when forced OGNL evaluation is applied to untrusted user input. This affects Struts 2.0.0 – Struts 2.5.25.

CVSS Rate: 9.8 CRITICAL
Exploited: Yes
Links:

https://cwiki.apache.org/confluence/display/WW/S2-061

https://github.com/fengziHK/CVE-2020-17530-strust2-061

2. CVE-2020-10148

The SolarWinds Orion API is vulnerable to an authentication bypass that allows remote code execution without requiring authentication. This vulnerability is known as the SUNBURST backdoor.

CVSS Rate: 9.8 CRITICAL
Exploited: Yes
Links:

https://kb.cert.org/vuls/id/843464

https://www.solarwinds.com/securityadvisory

3. CVE-2020-8554

A Man-in-The-Middle vulnerability exists in Kubernetes. It mainly affects multitenant deployments, where a user with no special permissions is able to exploit it.

CVSS Rate: 9.8 CRITICAL
Exploited: Yes
Links:

https://github.com/kubernetes/kubernetes/issues/97076

https://blog.champtar.fr/K8S_MITM_LoadBalancer_ExternalIPs/

4. CVE-2020-35489

An unrestricted file upload vulnerability exists in Contact Form 7, a widely used WordPress plugin, because a Unicode special character in the uploaded file name is not validated.

CVSS Rate: 10.0 CRITICAL
Exploited: Yes
Links:

https://cwiki.apache.org/confluence/display/WW/S2-061

https://github.com/fengziHK/CVE-2020-17530-strust2-061

5. CVE-2020-29583

Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used to log in to the SSH server or web interface with admin privileges.

CVSS Rate: 7.8 HIGH
Exploited: Yes
Links:

https://www.zyxel.com/support/CVE-2020-29583.shtml

https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html

6. CVE-2020-35606

Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C.

CVSS Rate: 8.8 HIGH
Exploited: Yes
Links: https://www.exploit-db.com/exploits/49318

7. CVE-2020-1971

OpenSSL 1.1 has a remote denial of service (DoS) vulnerability caused by a NULL pointer dereference.

CVSS Rate: 5.9 MEDIUM
Exploited: No
Links: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f960d81215ebf3f65e03d4d5d857fb9b666d6920

8. CVE-2020-29492

Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to access the writable file and manipulate the configuration of any target-specific station.

CVSS Rate: 10.0 CRITICAL
Exploited: Yes
Links:

https://www.dell.com/support/kbdoc/cs-cz/000180768/dsa-2020-281

https://www.cybermdx.com/vulnerability-research-disclosures/dell-wyse-thin-client-vulnerability

9. CVE-2020-25179

GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network.

CVSS Rate: 9.8 CRITICAL
Exploited: No
Links: https://us-cert.cisa.gov/ics/advisories/icsma-20-343-01

10. CVE-2020-17141

Microsoft Exchange Server has a remote code execution vulnerability that allows remote attackers to disclose information on affected installations of Exchange Server. Authentication is required to exploit this vulnerability.

CVSS Rate: 8.4 HIGH
Exploited: Yes
Links:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-17140

https://srcincite.io/advisories/src-2020-0031/