Vulnerability Trends Summary

As part of our monthly vulnerability trends, this report shows the monthly top 10 trends in security vulnerabilities and how hackers, malware, and exploit kits are exploiting those vulnerabilities. To demonstrate, we assign each vulnerability a trend value: a percentage reflecting how much attention the vulnerability is gaining from the cyber security community, attackers, and malware. Companies can use the report to gain more cyber threat insight and anticipate attack waves that might target their public assets in the following months.

Download the full vulnerability digest report by clicking here.

Subscribe to the monthly vulnerability digest report by clicking here.

The following chart shows the trends.

[Chart: June 2020 vulnerability trends]

In June 2020, the information security community again paid more attention to vulnerabilities published by Microsoft, as CVE-2020-1206, dubbed SMBleed, trended the most. This vulnerability gained almost 25% of overall May trends.

Next in line is CVE-2020-2021, the critical, not yet exploitable, authentication bypass in SAML on Palo Alto firewalls. Although it was published at the end of June, it drew more attention from the security community.

The following table shows the details of the trends.

| CVE | Vulnerability | Publish Date | Exploited | Trends* |
|---|---|---|---|---|
| CVE-2020-1206 | SMBleed Information Disclosure in SMBv3 | 09/06/2020 | Yes | 25% |
| CVE-2020-2021 | PaloAlto Firewall Authentication Bypass | 29/06/2020 | No | 16% |
| CVE-2020-1301 | SMBLost Remote Code Execution in SMBv1 | 09/06/2020 | Yes | 16% |
| CVE-2020-13777 | GnuTLS Insecure Session Tickets (TLS 1.2 & 1.3) | 04/06/2020 | Yes | 9% |
| CVE-2020-9859 | Privilege Escalation in Apple iOS and MacOS | 05/06/2020 | Yes | 8% |
| CVE-2020-0543 | CrossTalk Information Disclosure in Intel CPUs | 09/06/2020 | Yes | 8% |
| CVE-2020-1170 | Elevation of Privilege in Windows Defender | 09/06/2020 | Yes | 7% |
| CVE-2020-3342 | RCE in Webex Meetings Desktop App | 17/06/2020 | No | 5% |
| CVE-2020-1299 | LNK Remote Code Execution in Windows | 09/06/2020 | Yes | 3% |
| CVE-2020-5410 | Directory Traversal in Spring Cloud Config Server | 02/06/2020 | No | 3% |


 

1. CVE-2020-1206

SMBleed is an information disclosure vulnerability that exists in the way the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka ‘Windows SMBv3 Client/Server Information Disclosure Vulnerability’.

CVSS Rate: 7.8 HIGH
Exploited: Yes
Links:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1206
https://github.com/ZecOps/CVE-2020-1206-POC
https://packetstormsecurity.com/files/158053/SMBleed-Uninitialized-Kernel-Memory-Read-Proof-OfConcept.html

 

2. CVE-2020-2021

When SAML is enabled, PAN-OS, the operating system of Palo Alto firewalls, is vulnerable to an authentication bypass in its SAML implementation. This vulnerability allows an attacker to access protected resources in the firewall without authentication.

CVSS Rate: 10 CRITICAL
Exploited: No
Links:
https://security.paloaltonetworks.com/CVE-2020-2021

 

3. CVE-2020-1301

SMBleed is an information disclosure vulnerability that exists in the way the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests, aka ‘Windows SMBv3 Client/Server Information Disclosure Vulnerability’.

CVSS Rate: 8.8 HIGH
Exploited: Yes
Links:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1301
https://github.com/shubham0d/CVE-2020-1301

 

4. CVE-2020-13777

The GnuTLS library, widely used for TLS implementations, has a vulnerability in which it constructs insecure session ticket encryption keys, allowing a MitM attacker to bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2.

CVSS Rate: 7.4 HIGH
Exploited: Yes
Links:
https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03
https://github.com/shigeki/challenge_CVE-2020-13777
https://github.com/0xxon/cve-2020-13777

 

5. CVE-2020-9859

A privilege escalation vulnerability caused by a memory consumption issue, which was addressed with improved memory handling. The issue is fixed in iOS 13.5.1 and iPadOS 13.5.1, macOS Catalina 10.15.5 Supplemental Update, tvOS 13.4.6, and watchOS 6.2.6.
An application may be able to execute arbitrary code with kernel privileges. This vulnerability was used by the “unc0ver” jailbreak tool.

CVSS Rate: 7.8 HIGH
Exploited: Yes
Links:
https://support.apple.com/en-us/HT211214

 

6. CVE-2020-0543

CrossTalk is a side-channel vulnerability: incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Rate: 5.5 MEDIUM
Exploited: No
Links:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00320.html

 

7. CVE-2020-1170

An elevation of privilege vulnerability exists in Windows Defender that leads to arbitrary file deletion on the system. To exploit the vulnerability, an attacker would first have to log on to the system, aka ‘Microsoft Windows Defender Elevation of Privilege Vulnerability’.

CVSS Rate: 7.8 HIGH
Exploited: Yes
Links:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1170
https://itm4n.github.io/cve-2020-1170-windows-defender-eop/

 

8. CVE-2020-3342

A vulnerability in the software update feature of Cisco Webex Meetings Desktop App for Mac could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability is due to improper validation of cryptographic protections on files that are downloaded by the application as part of a software update.

CVSS Rate: 8.8 HIGH
Exploited: No
Links:
https://tools.cisco.com/security/center/content/CiscoSecurity

 

9. CVE-2020-1299

A vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user.

CVSS Rate: 7.8 HIGH
Exploited: Yes
Links:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1299
https://blog.vincss.net/2020/06/cve49-microsoft-windows-lnk-remote-code-execution-vuln-cve-2020-1299-eng.html

 

10. CVE-2020-5410

Spring Cloud Config allows applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.

CVSS Rate: 7.5 HIGH
Exploited: Yes
Links:
https://tanzu.vmware.com/security/cve-2020-5410