Vulnerability Trends Summary
As part of our monthly vulnerability trends, this report shows the monthly top 10 trends on security vulnerabilities and how hackers, malware, and exploit kits are exploiting those vulnerabilities. To demonstrate, we assign vulnerability trends value as a percentage of how each vulnerability is significantly gaining the attention of cyber security communities, attackers, together with malware. In either case, companies can benefit from the report to have more cyber threat insights and relatively anticipate attacks wave that might target their public assets in the following months.
Subscribe to the monthly vulnerability digest report by clicking here.
Download the full vulnerability digest report by clicking here.
The following chart shows the trends.
In August 2020, we see that the information security community pays more attention, again, to Microsoft published vulnerabilities as CVE-2020-1380 which is a vulnerability in Internet Explorer scripting engine caused a remote code execution. This vulnerability gained almost 20% of overall August trends.
Another important August vulnerability is the QEMU which leads to VM escape and impact the host.
The following table shows the details of the trends.
| CVE | Vulnerability | Publish Date | Exploited | Trends* |
| CVE-2020-1380 | IE Scripting Engine Memory Corruption | 17/07/2020 | Yes | 20% |
| CVE-2020-1465 | Windows Spoofing Vulnerability | 17/07/2020 | Yes | 16% |
| CVE-2020-1530 | Elevation of Privilege Windows Remote Access | 17/07/2020 | Yes | 14% |
| CVE-2020-14364 | QEMU VM Escape Vulnerability | 24/07/2020 | Yes | 10% |
| CVE-2020-1472 | Privilege Escalation in Windows Netlogon | 17/07/2020 | No | 10% |
| CVE-2020-16845 | Infinite Read Loop in Go | 06/07/2020 | No | 7% |
| CVE-2020-3433 | DLL Hijacking in Cisco AnyConnect Client | 17/07/2020 | No | 6% |
| CVE-2020-8209 | Arbitrary File Reads in Citrix XenMobile Server | 17/07/2020 | No | 5% |
| CVE-2020-9697 | Memory Read in Adobe Acrobat Reader | 19/07/2020 | Yes | 5% |
| CVE-2020-9490 | DoS in Apache 2 | 07/07/2020 | Yes | 4% |
| CVE-2020-3446 | Default Credentials in Cisco vWAAS | 19/07/2020 | No | 3% |
Subscribe to the monthly vulnerability digest report by clicking here.
Download the full vulnerability digest report by clicking here.
1.CVE-2020-1380
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ‘Scripting Engine Memory Corruption Vulnerability’.
2.CVE-2020-1464
A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who
successfully exploited this vulnerability could bypass security features and load improperly signed files.
3.CVE-2020-1530
An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.
| CVSS Rate | 7.8 HIGH |
| Exploited | Yes |
| Links | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1530 https://symeonp.github.io/2020/12/08/phonebook-uaf-analysis.html |
4.CVE-2020-14364
The vulnerability exists in the Qemu USB module, which can cause out-of-bounds reading and writing, and thus realize virtual machine escape.
| CVSS Rate | 9.3 CRITICAL |
| Exploited | Yes |
| Links | https://xenbits.xen.org/xsa/advisory-335.html https://www.openwall.com/lists/oss-security/2020/08/24/3 https://meterpreter.org/cve-2020-14364/ |
5.CVE-2020-1472
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure
channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker
who successfully exploited the vulnerability could run a specially crafted application on a device on the
network.
| CVSS Rate | 10.0 CRITICAL |
| Exploited | No |
| Links | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472 |
6.CVE-2020-16845
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in
encoding/binary via invalid inputs.
| CVSS Rate | 7.5 HIGH |
| Exploited | No |
| Links | https://github.com/golang/go/issues/40618 |
7.CVE-2020-3433
A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system.
| CVSS Rate | 7.8 HIGH |
| Exploited | No |
| Links | https://tools.cisco.com/security/center/content |
8.CVE-2020-8209
Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files.
| CVSS Rate | 7.5 HIGH |
| Exploited | No |
| Links | https://support.citrix.com/article/CTX277457 |
9.CVE-2020-9697
Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a disclosure of sensitive data vulnerability. Successful exploitation could lead to memory leak.
| CVSS Rate | 5.5 MEDIUM |
| Exploited | Yes |
| Links | https://helpx.adobe.com/security/products/acrobat/apsb20-48.html https://twitter.com/thezdi/status/1293568647043190784 |
10.CVE-2020-9490
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the ‘Cache-Digest’ header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards.
| CVSS Rate | 7.5 HIGH |
| Exploited | Yes |
| Links | https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-9490 https://twitter.com/wugeej/status/1298464906652475395 |
11.CVE-2020-3446
Default account vulnerability in Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for Cisco ENCS 5400-W Series and CSP 5000-W Series appliances could allow an unauthenticated, remote attacker to log into the NFVIS CLI of an affected device by using accounts that have a default, static password.
| CVSS Rate | 9.8 CRITICAL |
| Exploited | No |
| Links | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-waas-encsw-cspw-credhZzL29A7 |
