Vulnerability Trends March 2021

Vulnerability Trends Summary

As part of our monthly vulnerability trends, this report shows the monthly top 10 trends on security vulnerabilities and how hackers, malware, and exploit kits are exploiting those vulnerabilities. To demonstrate, we assign vulnerability trends value as a percentage of how each vulnerability is significantly gaining the attention of cybersecurity communities, attackers, together with malware. In either case, companies can benefit from the report to have more cyber threat insights and relatively anticipate attacks wave that might target their public assets in the following months.

Subscribe to the monthly vulnerability digest report by clicking here.

Download the full vulnerability digest report by clicking here.

The following chart shows the trends.

March 2021 was the month of Microsoft Exchange where most of the trends and attacks were related to the critical RCE and SSRF in Microsoft Exchange. Those vulnerabilities got realized after discovering attacks weaponizing them to target official and government organizations.

Other critical and important vulnerabilities were discovered in F5 BIG-IP, OpenSSL, and VMware.

The following table shows the details of the trends.

Subscribe to the monthly vulnerability digest report by clicking here.

Download the full vulnerability digest report by clicking here.

1. CVE-2021-26855 SSRF in Microsoft Exchange

Remote code execution on Microsoft Exchange Server through server-side-request-forgery (SSRF) vulnerability which allows an unauthenticated attacker to exploit this vulnerability and execute arbitrary codes.

2. CVE-2021-22986 Remote Code Execution in F5 BIG-IP API

F5 iControl REST interface has remote code execution vulnerability through the BIG-IP management interface and self IP addresses, which allow an attacker to execute arbitrary system commands, create or delete files, and disable services.

3. CVE-2021-27065 Arbitrary File Write in Microsoft Exchange

Arbitrary files write on any path on Exchange server. This vulnerability is used as a post-authentication exploit mainly after exploiting CVE-2021-26855.

4. CVE-2021-22987 Remote Code Execution in F5 BIG-IP

F5 BIG-IP when running in Appliance mode, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages.

5. CVE-2021-26857 Remote Code Execution in Microsoft Exchange

Deserialization vulnerability exists in Exchange Server’s Unified Messaging (voicemail) service. This vulnerability is used as a post-authentication exploit mainly after exploiting CVE-2021-26855.

6. CVE-2021-3450 Certificate Bypass in OpenSSL

OpenSSL has a vulnerability that prevents applications from detecting and rejecting TLS certificates that aren’t digitally signed by a browser-trusted certificate authority.

7. CVE-2021-21978 Remote Code Execution in VMware Planner

VMware View Planner contains a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in logupload web application by any unauthenticated user with network access.

8. CVE-2021-3449 Denial of Service in OpenSSL

OpenSSL has a denial of service vulnerability that can be exploited by any client if sent a maliciously crafted renegotiation ClientHello message.

9. CVE-2021-21193 Code Execution in Google Chrome

Use after free in Blink in Google Chrome allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

10. CVE-2021-21975 SSRF in VMware vRealize

Server Side Request Forgery in vRealize Operations Manager API may allow a malicious actor with network access to exploit this vulnerability and compromise administrative credentials.