Vulnerability Trends Summary


As part of our monthly vulnerability trends, this report presents the month's top 10 trending security vulnerabilities and how hackers, malware, and exploit kits are exploiting them. Each vulnerability is assigned a trend value, expressed as a percentage, that reflects how much attention it is gaining from cybersecurity communities, attackers, and malware. Companies can use the report to gain cyber threat insight and to better anticipate the attack waves that might target their public assets in the following months.

Subscribe to the monthly vulnerability digest report by clicking here.

Download the full vulnerability digest report by clicking here.

The following chart shows the trends.

March 2021 Vulnerability Trends

March 2021 was the month of Microsoft Exchange: most of the trends and attacks were related to the critical RCE and SSRF vulnerabilities in Microsoft Exchange. Those vulnerabilities came to light after attacks weaponizing them against official and government organizations were discovered.

Other critical and important vulnerabilities were discovered in F5 BIG-IP, OpenSSL, and VMware.

The following table shows the details of the trends.

CVE              Vulnerability                                   Publish Date  Exploited  Trends*
CVE-2021-26855   SSRF in Microsoft Exchange                      02/03/2021    Yes        32%
CVE-2021-22986   Remote Code Execution in F5 BIG-IP API          10/03/2021    Yes        26%
CVE-2021-27065   Arbitrary File Write in Microsoft Exchange      02/03/2021    Yes        10%
CVE-2021-22987   Remote Code Execution in F5 BIG-IP              10/03/2021    No         7%
CVE-2021-26857   Remote Code Execution in Microsoft Exchange     02/03/2021    Yes        6%
CVE-2021-3450    Certificate Validation Bypass in OpenSSL        23/03/2021    No         4%
CVE-2021-21978   Remote Code Execution in VMware Planner         03/03/2021    Yes        4%
CVE-2021-3449    Denial of Service in OpenSSL                    23/03/2021    Yes        4%
CVE-2021-21193   Code Execution in Google Chrome                 12/03/2021    Yes        4%
CVE-2021-21975   SSRF in VMware vRealize                         30/03/2021    Yes        3%


1. CVE-2021-26855 SSRF in Microsoft Exchange

Remote code execution on Microsoft Exchange Server through a server-side request forgery (SSRF) vulnerability that allows an unauthenticated attacker to execute arbitrary code.

CVSS Rate: 9.8 Critical
Exploited: Yes
Links:

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26855

https://packetstormsecurity.com/files/161846/Microsoft-Exchange-2019-SSRF-Arbitrary-File-Write.html

2. CVE-2021-22986 Remote Code Execution in F5 BIG-IP API

The F5 iControl REST interface has a remote code execution vulnerability reachable through the BIG-IP management interface and self IP addresses, which allows an attacker to execute arbitrary system commands, create or delete files, and disable services.

CVSS Rate: 9.8 Critical
Exploited: Yes
Links:

https://support.f5.com/csp/article/K03009991

https://packetstormsecurity.com/files/162066/F5-BIG-IP-16.0.x-Remote-Code-Execution.html

3. CVE-2021-27065 Arbitrary File Write in Microsoft Exchange

Arbitrary file write to any path on the Exchange server. This vulnerability is used as a post-authentication exploit, mainly after exploiting CVE-2021-26855.

CVSS Rate: 7.8 High
Exploited: Yes
Links:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27065

http://packetstormsecurity.com/files/161938/Microsoft-Exchange-ProxyLogon-Remote-Code-Execution.html

4. CVE-2021-22987 Remote Code Execution in F5 BIG-IP

In F5 BIG-IP running in Appliance mode, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has an authenticated remote command execution vulnerability in undisclosed pages.

CVSS Rate: 9.8 Critical
Exploited: No
Links: https://support.f5.com/csp/article/K18132488

5. CVE-2021-26857 Remote Code Execution in Microsoft Exchange

A deserialization vulnerability exists in Exchange Server's Unified Messaging (voicemail) service. This vulnerability is used as a post-authentication exploit, mainly after exploiting CVE-2021-26855.

CVSS Rate: 7.8 High
Exploited: Yes
Links:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26857

https://attackerkb.com/topics/hx6O9H590s/cve-2021-26857

6. CVE-2021-3450 Certificate Bypass in OpenSSL

OpenSSL has a vulnerability that prevents applications from detecting and rejecting TLS certificates that are not digitally signed by a browser-trusted certificate authority.

CVSS Rate: 7.4 High
Exploited: No
Links:

https://www.openssl.org/news/secadv/20210325.txt

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2a40b7bc7b94dd7de897a74571e7024f0cf0d63b

7. CVE-2021-21978 Remote Code Execution in VMware Planner

VMware View Planner contains a remote code execution vulnerability: improper input validation and lack of authorization lead to arbitrary file upload in the logupload web application by any unauthenticated user with network access.

CVSS Rate: 9.8 Critical
Exploited: Yes
Links:

https://www.vmware.com/security/advisories/VMSA-2021-0003.html

https://packetstormsecurity.com/files/161879/VMware-View-Planner-4.6-Remote-Code-Execution.html

8. CVE-2021-3449 Denial of Service in OpenSSL

OpenSSL has a denial of service vulnerability that can be exploited by any client that sends a maliciously crafted renegotiation ClientHello message.

CVSS Rate: 5.9 Medium
Exploited: Yes
Links:

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148

https://github.com/terorie/cve-2021-3449

9. CVE-2021-21193 Code Execution in Google Chrome

A use-after-free in Blink in Google Chrome allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS Rate: 8.8 High
Exploited: Yes
Links: https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_12.html

10. CVE-2021-21975 SSRF in VMware vRealize

A server-side request forgery in the vRealize Operations Manager API may allow a malicious actor with network access to compromise administrative credentials.

CVSS Rate: 9.8 Critical
Exploited: Yes
Links:

https://www.vmware.com/security/advisories/VMSA-2021-0004.html

https://github.com/Henry4E36/VMWare-vRealize-SSRF