Vulnerability Trends Summary

In addition, this report identically shows the monthly top 10 trends on security vulnerabilities and how hackers, malware, and exploit kits are exploiting those vulnerabilities. To demonstrate, we assign vulnerability trends value as a percentage of how each vulnerability is significantly gaining the attention of cyber security communities, attackers, together with malware. In either case companies can benefit from the report to have more cyber threat insights and relatively anticipate attacks wave that might target their public assets in the following months.

Download the full vulnerability digest report by clicking here.

Subscribe to the monthly vulnerability digest report by clicking here.

The following chart shows the trends.

may 2020 vulnerability trends

In May 2020, we see that the information security community pays more attention to Microsoft published vulnerabilities as CVE-2020-1048, which is not the most critical, gained the most trends. Ordinarily, this vulnerability gained almost 25% of overall May trends.

All things considered, the next in line is the critical and exploitable SaltStack RCE vulnerability titled as CVE-2020-11651. Other critical and exploitable is the SQL Injection in vBulletin titled as CVE-2020-12720.

The following table shows the details of the trends.

CVEVulnerabilityPublish DateExploitedTrends*
CVE-2020-1048Windows print spooler service elevation21/05/2020No24%
CVE-2020-11651SaltStack RCE01/05/2020Yes14%
CVE-2020-12720vBulletin SQL Injection07/05/2020Yes13%
CVE-2020-0096Android 8/9 elevation14/05/2020No13%
CVE-2020-8617BIND denial of service19/05/2020Yes11%
CVE-2020-8616BIND denial of service19/05/2020Yes10%
CVE-2020-3956VMware Cloud Directory RCE20/05/2020No8%
CVE-2020-11060GLPI command execution12/05/2020No7%
CVE-2020-8983Citrix Storage Zones RCE07/05/2020No7%
CVE-2020-9484Tomcat deserialization code execution20/05/2020Yes6%

Download the full vulnerability digest report by clicking here.

Subscribe to the monthly vulnerability digest report by clicking here.

 

1.CVE-2020-1048

An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

CVSS Rate7.8 HIGH
ExploitedNo
Linkshttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1048

2.CVE-2020-11651

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions.

CVSS Rate9.8 CRITICAL
ExploitedYes
Linkshttp://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html
https://docs.saltstack.com/en/latest/topics/releases/2019.2.4.html

3.CVE-2020-12720

SQL Injection in vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 where it has incorrect access control.

CVSS Rate9.8 CRITICAL
ExploitedYes
Linkshttps://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4440032-vbulletin-5-6-1-security-patch-level-1
https://packetstormsecurity.com/files/157716/vBulletin-5.6.1-SQL-Injection.html

4.CVE-2020-0096

In startActivities of ActivityStartController.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9.

CVSS Rate7.8 HIGH
ExploitedNo
Linkshttps://source.android.com/security/bulletin/2020-05-01

5.CVE-2020-8617

Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state (DoS) if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable.

CVSS Rate7.8 HIGH
ExploitedYes
Linkshttps://packetstormsecurity.com/files/157836/BIND-TSIG-Denial-Of-Service.html
https://kb.isc.org/docs/cve-2020-8617

6.CVE-2020-8616

In BIND DNS Server, a malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral.

CVSS Rate8.6 HIGH
ExploitedYes
Linkshttps://kb.isc.org/docs/cve-2020-8616
http://www.nxnsattack.com/

7.CVE-2020-3956

VMware Cloud do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access

CVSS Rate8.8 HIGH
ExploitedNo
Linkshttps://www.vmware.com/security/advisories/VMSA-2020-0010.html

8.CVE-2020-11060

In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF. Due to the difficulty of the exploitation, the attack is only conceivable by an account having Maintenance privileges and the right to add WIFI networks.

CVSS Rate8.8 HIGH
ExploitedNo
Linkshttps://github.com/glpi-project/glpi/security/advisories/GHSA-cvvq-3fww-5v6f

9.CVE-2020-8983

An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, which allows remote code execution.

CVSS Rate7.5 HIGH
ExploitedNo
Linkshttps://support.citrix.com/article/CTX269106

 

10.CVE-2020-9484

Remote Code Execution (RCE) exists in Apache Tomcat where, in certain conditions, an attacker can send a
maliciously-constructed request to cause a deserialisation code execution vulnerability.

CVSS Rate9.8 CRITICAL
ExploitedYes
Linkshttps://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1
https://github.com/IdealDreamLast/CVE-2020-9484/