Vulnerability Trends Summary

 

As part of our monthly vulnerability trends, this report shows the monthly top 10 trends on security vulnerabilities and how hackers, malware, and exploit kits are exploiting those vulnerabilities. To demonstrate, we assign vulnerability trends value as a percentage of how each vulnerability is significantly gaining the attention of cybersecurity communities, attackers, together with malware. In either case, companies can benefit from the report to have more cyber threat insights and relatively anticipate attacks wave that might target their public assets in the following months.

Subscribe to the monthly vulnerability digest report by clicking here.

The following chart shows the trends.

May 2021 Vulnerability Trends

In May 2021 we see most of the vulnerabilities are already exploited or a Proof-of-Concept (PoC) is already published.  The wormable Microsoft IIS/HTTP.SYS remote code execution was the vulnerability of the month. The next in line is privilege escalation in Dell Driver which impacts millions of laptops.

Other critical and important vulnerabilities were discovered in vCenter, Bitcoin Core, and Adobe Reader.

The following table shows the details of the trends.

CVEVulnerabilityPublish DateExploitedTrends*
CVE-2021-31166Windows / IIS Remote Code Execution11/05/2021Yes32%
CVE-2021-21551Privilege Escalation in Dell Driver04/05/2021Yes15%
CVE-2021-21985vCenter Remote Code Execution25/05/2021Yes12%
CVE-2021-22908Privilege Escalation in Pulse Connect Secure18/05/2021Yes10%
CVE-2021-30747Information Disclosure in Apple M1 Chips26/05/2021Yes8%
CVE-2021-31876DoS in Bitcoin Core06/05/2021Yes7%
CVE-2021-1905Use After Free in Snapdragon07/05/2021No5%
CVE-2021-3493Microsoft Hyper-V Remote Code Execution11/05/2021Yes4%
CVE-2021-28550Command Execution in Adobe Reader11/05/2021Yes4%
CVE-2021-30731Privilege Escalation in macOS Big Sur24/05/2021Yes3%

Subscribe to the monthly vulnerability digest report by clicking here.

 

1. CVE-2021-31166 Windows / IIS Remote Code Execution

A remote code execution vulnerability exists in Microsoft Internet Information Services (IIS) and other components that use HTTP.SYS driver (HTTP Protocol Stack). This vulnerability is critical and wormable.

CVSS Rate9.8 Critical
ExploitedYes
Links

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31166

https://github.com/0vercl0k/CVE-2021-31166

 

2. CVE-2021-21551 Privilege Escalation in Dell Driver

Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

CVSS Rate7.8 High
ExploitedYes
Links

https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability

 

3. CVE-2021-21985 vCenter Remote Code Execution

The vSphere Client (HTML5) contains a remote code execution vulnerability with unrestricted privileges code execution. The vulnerability is due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. 

CVSS Rate9.8 Critical
ExploitedYes
Links

https://www.vmware.com/security/advisories/VMSA-2021-0010.html

https://github.com/alt3kx/CVE-2021-21985_PoC

 

4. CVE-2021-22908 Privilege Escalation in Pulse Connect Secure 

A vulnerability was discovered under Pulse Connect Secure (PCS). This includes buffer overflow vulnerability on the Pulse Connect Secure gateway that allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user.

CVSS Rate8.5 High
Exploited

Yes

Links

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44800/

https://github.com/CERTCC/PoC-Exploits/tree/master/cve-2021-22908

 

5. CVE-2021-30747 Information Disclosure in Apple M1 Chips

Information disclosure via a covert channel in M1 chips of Apple that causes a process to access another process data. This vulnerability is a design flaw and it is unpatchable. However, the risk is low.

CVSS Rate3.7 Low
ExploitedYes
Links

https://m1racles.com/

 

6. CVE-2021-31876 DoS in Bitcoin Core

Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service attack against downstream projects such as Lightning network nodes.

CVSS Rate6.5 Medium
ExploitedYes
Links

https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2021-31876

https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2021-May/018893.html

 

7. CVE-2021-1905 Use After Free in Snapdragon

Possible use after free due to improper handling of memory mapping of multiple processes simultaneously which affects most Android devices and there are limited evidences of possible attacks.

CVSS Rate8.3 Critical
ExploitedNo
Linkshttps://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin#_cve-2021-1905

 

8. CVE-2021-28476 Microsoft Hyper-V Remote Code Execution

A remote code execution vulnerability exists in Microsoft Hyper-V. However, Microsoft notes an attacker is more likely to abuse this vulnerability for a denial of service in the form of a bugcheck rather than code execution.

CVSS Rate9.9 Critical
ExploitedYes
Links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28476

https://github.com/0vercl0k/CVE-2021-28476

 

9. CVE-2021-28550 Command Execution in Adobe Reader

Improper neutralization of user data in the DjVu file format in ExifTool allows arbitrary code execution when parsing the malicious image.

CVSS Rate7.8 High
ExploitedYes
Links

https://helpx.adobe.com/security/products/acrobat/apsb21-29.htm

https://www.pdq.com/blog/adobe-cve-2021-28550-zero-day-exploit/

 

10. CVE-2021-30731 Privilege Escalation in macOS Big Sur

A vulnerability that exists in macOS Big Sur allows a malicious application to bypass Privacy preferences and take screenshots of the user desktop. Apple is aware of a report that this issue may have been actively exploited.

CVSS Rate7.8 High
ExploitedYes
Linkshttps://support.apple.com/en-ae/HT212529

 

ScanTitan is the leading website security portal that offers website vulnerability scanning, website malware scanning, uptime monitoring, cyber brand monitoring, defacement monitoring, and continuous threat monitoring and alerting.

Now you can find the latest Scantitan promotions through our official coupon store