Vulnerability Trends Summary


As part of our monthly vulnerability trends series, this report shows the month's top 10 security vulnerability trends and how hackers, malware, and exploit kits are exploiting those vulnerabilities. We assign each vulnerability a trend value, a percentage reflecting how much attention it is gaining from cybersecurity communities, attackers, and malware. Companies can use the report to gain more cyber threat insight and anticipate attack waves that might target their public assets in the following months.

Subscribe to the monthly vulnerability digest report by clicking here.

Download the full vulnerability digest report by clicking here.

The following chart shows the trends.

Vulnerability Trends Feb 2021

Feb 2021 saw a variety of vulnerabilities discovered and made public, most of them related to remote code execution. The vulnerability with the most interactions is a remote code execution flaw in vCenter, CVE-2021-21972, which is still under active exploitation.

Other critical and important vulnerabilities were discovered in Windows, SolarWinds, SAP, SonicWall, and FortiWeb.

The following table shows the details of the trends.

| CVE | Vulnerability | Publish Date | Exploited | Trends* |
|---|---|---|---|---|
| CVE-2021-3156 | Remote Code Execution in vCenter/vSphere | 23/02/2021 | Yes | 38% |
| CVE-2021-21148 | Heap overflow in Chrome V8 engine | 04/02/2021 | Yes | 19% |
| CVE-2021-1732 | Privilege Escalation in Windows kernel | 09/02/2021 | Yes | 17% |
| CVE-2021-24094 | Remote Code Execution in Windows IPv6 | 09/02/2021 | No | 6% |
| CVE-2021-24074 | Remote Code Execution in Windows TCP/IP IPv4 | 09/02/2021 | No | 5% |
| CVE-2021-25247 | Remote Code Execution in SolarWinds Orion | 03/02/2021 | Yes | 5% |
| CVE-2021-21477 | Remote Code Execution in SAP Commerce Cloud | 09/02/2021 | No | 4% |
| CVE-2021-21976 | Command Injection in vSphere Replication | 11/01/2021 | No | 3% |
| CVE-2021-20016 | SQL Injection in SonicWall SSL VPN | 03/02/2021 | Yes | 2% |
| CVE-2021-22122 | Reflective XSS in FortiWeb GUI | 04/02/2021 | Yes | 1% |


1. CVE-2021-21972 Remote Code Execution in vCenter/vSphere

A remote code execution vulnerability exists in VMware vCenter/vSphere that allows an unauthenticated attacker to remotely execute code on the VMware hypervisor: any attacker can upload code and execute it to take control of the hypervisor.

CVSS Rate: 9.8 Critical
Exploited: Yes
Links:

https://www.vmware.com/security/advisories/VMSA-2021-0002.html

https://swarm.ptsecurity.com/unauth-rce-vmware/


2. CVE-2021-21148 Heap overflow in Chrome V8 engine

Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS Rate: 8.5 High
Exploited: Yes
Links:

https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html

 

3. CVE-2021-1732 Privilege Escalation in Windows kernel

A Windows kernel privilege escalation vulnerability exists in Windows 10 and Windows Server 2019.

CVSS Rate: 7.8 High
Exploited: Yes
Links:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1732

 

4. CVE-2021-24094 Remote Code Execution in Windows IPv6

A remote code execution vulnerability exists in all Windows IPv6 implementations. This affects IPv6 link-local addresses as well.

CVSS Rate: 9.8 Critical
Exploited: No
Links:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-24094


5. CVE-2021-24074 Remote Code Execution in Windows TCP/IP IPv4

A remote code execution vulnerability exists in Windows IPv4 TCP/IP.

CVSS Rate: 9.8 Critical
Exploited: No
Links:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-24094

 

6. CVE-2021-25274 Remote Code Execution in SolarWinds Orion

A remote code execution vulnerability exists in the SolarWinds Orion platform because it does not secure its private queues. As a result, any attacker can connect and send code to be executed.

CVSS Rate: 9.8 Critical
Exploited: Yes
Links:

https://www.trustwave.com/en-us/resources/blogs/spiderl…

https://documentation.solarwinds.com/en/Success_Center/…


7. CVE-2021-21477 Remote Code Execution in SAP Commerce Cloud

A remote code execution vulnerability exists in SAP Commerce Cloud that enables certain users with the required privileges to edit drools rules and inject arbitrary or malicious code.

CVSS Rate: 9.8 Critical
Exploited: No
Links: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=568460543

 

8. CVE-2021-21976 SQL Injection in SonicWall SSL VPN

A command injection vulnerability exists in vSphere Replication where an authenticated admin can inject and execute any command.

CVSS Rate: 7.5 High
Exploited: No
Links: https://www.vmware.com/security/advisories/VMSA-2021-0001.html

 

9. CVE-2021-20016 Reflective XSS in FortiWeb GUI

A SQL injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL queries to access usernames, passwords, and other session-related information.

CVSS Rate: 9.8 Critical
Exploited: Yes
Links: https://tomcat.apache.org/security-10.html

 

10. CVE-2021-22122 Remote Code Execution in Laravel

A cross-site scripting (XSS) vulnerability in the FortiWeb GUI may allow an unauthenticated, remote attacker to perform a reflected cross-site scripting (XSS) attack by injecting a malicious payload into different vulnerable API endpoints.

CVSS Rate: 4.2 Medium
Exploited: Yes
Links:

https://fortiguard.com/advisory/FG-IR-20-122