Vulnerability Trends Summary


As part of our monthly vulnerability trends, this report shows the month's top 10 security vulnerabilities and how hackers, malware, and exploit kits are exploiting them. To illustrate, we assign each vulnerability a trend value: the percentage of attention it is gaining from cybersecurity communities, attackers, and malware. Companies can use the report to gain more cyber threat insight and better anticipate the attack waves that might target their public assets in the following months.

Subscribe to the monthly vulnerability digest report by clicking here.

Download the full vulnerability digest report by clicking here.

The following chart shows the trends.

[Chart: Vulnerability Trends Jan 2021]

At the start of 2021 we see a smaller number of vulnerabilities. However, many remote code execution vulnerabilities were still discovered and disclosed in January 2021. The vulnerability with the most interaction is the remote code execution in sudo, which is installed on most Linux environments.
The majority of the January 2021 vulnerabilities affect web technologies and frameworks such as Laravel, WebLogic, Tomcat, and Zend Framework.

The following table shows the details of the trends.

CVE            | Vulnerability                               | Publish Date | Exploited | Trends*
CVE-2021-3156  | Remote Code Execution in SUDO               | 26/01/2021   | Yes       | 44%
CVE-2021-1647  | Remote Code Execution in Windows Defender   | 12/01/2021   | Yes       | 15%
CVE-2021-3011  | Side Channel in Google Titan Security Key   | 07/01/2021   | Yes       | 14%
CVE-2021-23240 | Privilege Escalation in SUDO                | 11/01/2021   | Yes       | 8%
CVE-2021-2109  | Remote Code Execution in Oracle WebLogic    | 20/01/2021   | Yes       | 6%
CVE-2021-3007  | Remote Code Execution in Zend Framework     | 04/01/2021   | Yes       | 5%
CVE-2021-3115  | Command Execution in GoLang                 | 19/01/2021   | Yes       | 2%
CVE-2021-24122 | JSP Source Code Disclosure in Apache Tomcat | 14/01/2021   | Yes       | 2%
CVE-2021-3129  | Remote Code Execution in Laravel            | 12/01/2021   | Yes       | 2%
CVE-2021-1667  | Remote Code Execution in MS RPC             | 12/01/2021   | No        | 2%


1. CVE-2021-3156 Remote Code Execution in SUDO

A heap-based buffer overflow exists in sudo, a command common to Linux systems. It allows any local user to execute commands with root privileges.

CVSS Rate: 7.8 High
Exploited: Yes
Links:
https://www.sudo.ws/stable.html#1.9.5p2
https://github.com/stong/CVE-2021-3156

2. CVE-2021-1647 Remote Code Execution in Windows Defender

A remote code execution vulnerability exists in the Malware Protection Engine component (mpengine.dll) of Windows Defender. This is a zero-day vulnerability, as it was exploited in the wild. However, no technical analysis or PoC is available yet.

CVSS Rate: 7.8 High
Exploited: Yes
Links: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1647

3. CVE-2021-3011 Side Channel in Google Titan Security Key

An electromagnetic side-channel issue was discovered in the Google Titan Security Key (2FA token), which uses NXP security microcontrollers. It allows an attacker with extensive physical access to extract the ECDSA private key and consequently produce a clone of the key.

CVSS Rate: 4.2 Medium
Exploited: Yes
Links: https://ninjalab.io/a-side-journey-to-titan/

4. CVE-2021-23240 Privilege Escalation in SUDO

A vulnerability in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain ownership of a file and escalate privileges by replacing a temporary file with a symlink to an arbitrary target file.

CVSS Rate: 7.8 High
Exploited: Yes
Links: https://www.sudo.ws/alerts/sudoedit_selinux.html

5. CVE-2021-2109 Remote Code Execution in Oracle WebLogic

A remote code execution vulnerability exists in the console component of Oracle WebLogic Server. Exploiting this vulnerability requires authentication.

CVSS Rate: 7.8 High
Exploited: Yes
Links:
https://www.oracle.com/security-alerts/cpujan2021.html
https://packetstormsecurity.com/files/161053/Oracle-WebLogic-Server-14.1.1.0-Remote-Code-Execution.html

6. CVE-2021-3007 Remote Code Execution in Zend Framework

Laminas and Zend Framework (Stream.php) have a deserialization vulnerability that can lead to remote code execution if the deserialized content is controllable by an attacker. Note: Zend Framework is no longer supported by its maintainer.

CVSS Rate: 9.8 Critical
Exploited: Yes
Links:
https://github.com/laminas/laminas-http/releases/tag/2.14.2
https://github.com/Ling-Yizhou/zendframework3-/blob/main/zend framework3 %E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96 rce.md

7. CVE-2021-3115 Command Execution in GoLang

The Go toolchain on Windows is vulnerable to command injection and remote code execution when the "go get" command fetches modules that make use of cgo (for example, cgo can execute a gcc program taken from an untrusted download).

CVSS Rate: 7.3 High
Exploited: Yes
Links:
https://blog.golang.org/path-security
https://github.com/golang/go/issues/43783

8. CVE-2021-24122 JSP Source Code Disclosure in Apache Tomcat

Apache Tomcat discloses JSP source code in some configurations when it serves resources from a network location using the NTFS file system.

CVSS Rate: 7.5 High
Exploited: Yes
Links: https://tomcat.apache.org/security-10.html

9. CVE-2021-3129 Remote Code Execution in Laravel

A remote code execution vulnerability exists in Ignition before 2.5.2, as used in Laravel and other products. It allows unauthenticated remote attackers to execute arbitrary code because of insecure use of file_get_contents() and file_put_contents(). This is exploitable on sites running in debug mode with Laravel before 8.4.2.

CVSS Rate: 9.8 Critical
Exploited: Yes
Links:
https://github.com/facade/ignition/pull/334
https://www.ambionics.io/blog/laravel-debug-rce