Vulnerability Trends Summary
In addition, this report identically shows the monthly top 10 trends on security vulnerabilities and how hackers, malware, and exploit kits are exploiting those vulnerabilities. To demonstrate, we assign vulnerability trends value as a percentage of how each vulnerability is significantly gaining the attention of cyber security communities, attackers, together with malware. In either case companies can benefit from the report to have more cyber threat insights and relatively anticipate attacks wave that might target their public assets in the following months.
Download the full vulnerability digest report by clicking here.
Subscribe to the monthly vulnerability digest report by clicking here.
The following chart shows the trends.
In May 2020, we see that the information security community pays more attention to Microsoft published vulnerabilities as CVE-2020-1048, which is not the most critical, gained the most trends. Ordinarily, this vulnerability gained almost 25% of overall May trends.
All things considered, the next in line is the critical and exploitable SaltStack RCE vulnerability titled as CVE-2020-11651. Other critical and exploitable is the SQL Injection in vBulletin titled as CVE-2020-12720.
The following table shows the details of the trends.
CVE | Vulnerability | Publish Date | Exploited | Trends* |
CVE-2020-1048 | Windows print spooler service elevation | 21/05/2020 | No | 24% |
CVE-2020-11651 | SaltStack RCE | 01/05/2020 | Yes | 14% |
CVE-2020-12720 | vBulletin SQL Injection | 07/05/2020 | Yes | 13% |
CVE-2020-0096 | Android 8/9 elevation | 14/05/2020 | No | 13% |
CVE-2020-8617 | BIND denial of service | 19/05/2020 | Yes | 11% |
CVE-2020-8616 | BIND denial of service | 19/05/2020 | Yes | 10% |
CVE-2020-3956 | VMware Cloud Directory RCE | 20/05/2020 | No | 8% |
CVE-2020-11060 | GLPI command execution | 12/05/2020 | No | 7% |
CVE-2020-8983 | Citrix Storage Zones RCE | 07/05/2020 | No | 7% |
CVE-2020-9484 | Tomcat deserialization code execution | 20/05/2020 | Yes | 6% |
Download the full vulnerability digest report by clicking here.
Subscribe to the monthly vulnerability digest report by clicking here.
1.CVE-2020-1048
An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
CVSS Rate | 7.8 HIGH |
Exploited | No |
Links | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1048 |
2.CVE-2020-11651
An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.
CVSS Rate | 9.8 CRITICAL |
Exploited | Yes |
Links | http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html |
3.CVE-2020-12720
SQL Injection in vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 where it has incorrect access control.
4.CVE-2020-0096
In startActivities of ActivityStartController.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9.
CVSS Rate | 7.8 HIGH |
Exploited | No |
Links | https://source.android.com/security/bulletin/2020-05-01 |
5.CVE-2020-8617
Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state (DoS) if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable.
CVSS Rate | 7.8 HIGH |
Exploited | Yes |
Links | https://packetstormsecurity.com/files/157836/BIND-TSIG-Denial-Of-Service.html https://kb.isc.org/docs/cve-2020-8617 |
6.CVE-2020-8616
In BIND DNS Server, a malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral.
CVSS Rate | 8.6 HIGH |
Exploited | Yes |
Links | https://kb.isc.org/docs/cve-2020-8616 http://www.nxnsattack.com/ |
7.CVE-2020-3956
VMware Cloud do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access
CVSS Rate | 8.8 HIGH |
Exploited | No |
Links | https://www.vmware.com/security/advisories/VMSA-2020-0010.html |
8.CVE-2020-11060
In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF. Due to the difficulty of the exploitation, the attack is only conceivable by an account having Maintenance privileges and the right to add WIFI networks.
CVSS Rate | 8.8 HIGH |
Exploited | No |
Links | https://github.com/glpi-project/glpi/security/advisories/GHSA-cvvq-3fww-5v6f |
9.CVE-2020-8983
An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, which allows remote code execution.
CVSS Rate | 7.5 HIGH |
Exploited | No |
Links | https://support.citrix.com/article/CTX269106 |
10.CVE-2020-9484
Remote Code Execution (RCE) exists in Apache Tomcat where, in certain conditions, an attacker can send a
maliciously-constructed request to cause a deserialisation code execution vulnerability.
CVSS Rate | 9.8 CRITICAL |
Exploited | Yes |
Links | https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1 https://github.com/IdealDreamLast/CVE-2020-9484/ |