Vulnerability Trends Summary
As part of our monthly vulnerability trends series, this report shows the month's top 10 trending security vulnerabilities and how hackers, malware, and exploit kits are exploiting them. We assign each vulnerability a trend value, expressed as a percentage, that reflects how much attention it is gaining from cyber security communities, attackers, and malware. Companies can use the report to gain more cyber threat insight and to anticipate attack waves that might target their public assets in the following months.
Download the full vulnerability digest report by clicking here.
Subscribe to the monthly vulnerability digest report by clicking here.
The following chart shows the trends.
In July 2020, we noticed that many vulnerabilities impacted edge appliances like published services, routers and application delivery appliances.
The vulnerability that attracted the most attention in July is an RCE in the F5 BIG-IP appliance, which accounts for more than 40% of overall July trends. Next in line is the Windows DNS Server RCE (CVE-2020-1350), which was published in Microsoft's July Patch Tuesday.
The following table shows the details of the trends.
CVE | Vulnerability | Publish Date | Exploited | Trends* |
CVE-2020-1206 | RCE in F5 BIG-IP Management Interface | 01/07/2020 | Yes | 47% |
CVE-2020-2021 | RCE in Windows DNS Server | 14/07/2020 | Yes | 31% |
CVE-2020-1301 | SAP NetWeaver Authentication Bypass | 14/07/2020 | Yes | 5% |
CVE-2020-13777 | GRUB 2 BootHole Vulnerability | 29/07/2020 | No | 5% |
CVE-2020-9859 | Cisco ASA File Traversal | 22/07/2020 | Yes | 4% |
CVE-2020-0543 | RCE in Microsoft Sharepoint | 14/07/2020 | Yes | 3% |
CVE-2020-1170 | Apache Guacamole Code Execution | 02/07/2020 | Yes | 2% |
CVE-2020-3342 | Windows 10 Privilege Elevation | 14/07/2020 | Yes | 1% |
CVE-2020-1299 | Citrix ADC unauthenticated access | 10/07/2020 | Yes | 1% |
CVE-2020-5410 | RCE in Moxa Routers | 15/07/2020 | Yes | 1% |
1. CVE-2020-5902
The Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages.
CVSS Rate | 9.8 CRITICAL |
Exploited | Yes |
Links | https://support.f5.com/csp/article/K52145254 https://github.com/Critical-Start/Team-Ares/tree/master/CVE-2020-5902 |
2. CVE-2020-1350
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests. This vulnerability is known as SIGRED.
CVSS Rate | 10.0 CRITICAL |
Exploited | Yes |
Links | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1350 |
3. CVE-2020-6287
SAP NetWeaver AS JAVA (LM Configuration Wizard) does not perform an authentication check, which allows an attacker without prior authentication to execute configuration tasks and perform critical actions against the SAP Java system, including the ability to create an administrative user. This vulnerability is known as SAP RECON.
CVSS Rate | 10.0 CRITICAL |
Exploited | Yes |
Links | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675 |
4. CVE-2020-10713
A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper with the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system, such as by gaining physical access, obtaining the ability to alter a PXE-boot network, or having remote access to a networked system with root access. This vulnerability is known as BootHole.
CVSS Rate | N/A |
Exploited | No |
Links | https://access.redhat.com/security/vulnerabilities/grub2bootloader |
5. CVE-2020-3452
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system.
CVSS Rate | 7.5 HIGH |
Exploited | Yes |
Links | https://tools.cisco.com/security/center/content |
6. CVE-2020-1147
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input.
7. CVE-2020-9498
Apache Guacamole 1.1.0 and older may mishandle pointers involved in processing data received via RDP static virtual channels. If a user connects to a malicious or compromised RDP server, a series of specially crafted PDUs could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process.
CVSS Rate | 6.7 MEDIUM |
Exploited | Yes |
Links | https://lists.apache.org/thread.html/r26fb170edebff842c74aacdb1 |
8. CVE-2020-1362
An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka ‘Windows WalletService Elevation of Privilege Vulnerability’.
CVSS Rate | 7.8 HIGH |
Exploited | Yes |
Links | https://nvd.nist.gov/vuln/detail/CVE-2020-1362 |
9. CVE-2020-8193
Improper access control in Citrix ADC and Citrix Gateway versions and Citrix SDWAN WAN-OP allows unauthenticated access to certain URL endpoints.
CVSS Rate | 6.5 MEDIUM |
Exploited | Yes |
Links | https://support.citrix.com/article/CTX276688 |
10. CVE-2020-14511
Malicious operation of the crafted web browser cookie may cause a stack-based buffer overflow in the system web server on the EDR-G902 and EDR-G903 Series Routers (versions prior to 5.4).
CVSS Rate | 9.8 CRITICAL |
Exploited | Yes |
Links | https://www.moxa.com/en/support/support/security-advisory/edr-g902-g903-series-secure-routers-vulnerabilities |