Vulnerability Trends Summary

As part of our monthly vulnerability trends, this report shows the monthly top 10 trends on security vulnerabilities and how hackers, malware, and exploit kits are exploiting those vulnerabilities. To demonstrate, we assign vulnerability trends value as a percentage of how each vulnerability is significantly gaining the attention of cyber security communities, attackers, together with malware. In either case, companies can benefit from the report to have more cyber threat insights and relatively anticipate attacks wave that might target their public assets in the following months.

Subscribe to the monthly vulnerability digest report by clicking here.

Download the full vulnerability digest report by clicking here.

The following chart shows the trends.

 

In August 2020, we see that the information security community pays more attention, again, to Microsoft published vulnerabilities as CVE-2020-1380 which is a vulnerability in Internet Explorer scripting engine caused a remote code execution. This vulnerability gained almost 20% of overall August trends.

Another important August vulnerability is the QEMU which leads to VM escape and impact the host.

The following table shows the details of the trends.

 

CVEVulnerabilityPublish DateExploitedTrends*
CVE-2020-1380IE Scripting Engine Memory Corruption17/07/2020Yes20%
CVE-2020-1465Windows Spoofing Vulnerability17/07/2020Yes16%
CVE-2020-1530Elevation of Privilege Windows Remote Access17/07/2020Yes14%
CVE-2020-14364QEMU VM Escape Vulnerability24/07/2020Yes10%
CVE-2020-1472Privilege Escalation in Windows Netlogon17/07/2020No10%
CVE-2020-16845Infinite Read Loop in Go06/07/2020No7%
CVE-2020-3433DLL Hijacking in Cisco AnyConnect Client17/07/2020No6%
CVE-2020-8209Arbitrary File Reads in Citrix XenMobile Server17/07/2020No5%
CVE-2020-9697Memory Read in Adobe Acrobat Reader19/07/2020Yes5%
CVE-2020-9490DoS in Apache 207/07/2020Yes4%
CVE-2020-3446Default Credentials in Cisco vWAAS19/07/2020No3%

Subscribe to the monthly vulnerability digest report by clicking here.

Download the full vulnerability digest report by clicking here.

 

1.CVE-2020-1380

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ‘Scripting Engine Memory Corruption Vulnerability’.

CVSS Rate7.5 HIGH
ExploitedYes
Linkshttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1380
https://www.trendmicro.com/en_us/research/20/h/cve-2020-1380-analysis-of-recently-fixed-ie-zeroday.html

2.CVE-2020-1464

A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who
successfully exploited this vulnerability could bypass security features and load improperly signed files.

CVSS Rate5.5 MEDIUM
ExploitedYes
Linkshttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1464
https://medium.com/@TalBeerySec/glueball-the-story-of-cve-2020-1464-50091a1f98bd
https://mp.weixin.qq.com/s/CRdDJeen-Zqc0RCnMr4kzQ

3.CVE-2020-1530

An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.

CVSS Rate7.8 HIGH
ExploitedYes
Linkshttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1530
https://symeonp.github.io/2020/12/08/phonebook-uaf-analysis.html

4.CVE-2020-14364

The vulnerability exists in the Qemu USB module, which can cause out-of-bounds reading and writing, and thus realize virtual machine escape.

CVSS Rate9.3 CRITICAL
ExploitedYes
Linkshttps://xenbits.xen.org/xsa/advisory-335.html
https://www.openwall.com/lists/oss-security/2020/08/24/3
https://meterpreter.org/cve-2020-14364/

5.CVE-2020-1472

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure
channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker
who successfully exploited the vulnerability could run a specially crafted application on a device on the
network.

CVSS Rate10.0 CRITICAL
ExploitedNo
Linkshttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472

6.CVE-2020-16845

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in
encoding/binary via invalid inputs.

CVSS Rate7.5 HIGH
ExploitedNo
Linkshttps://github.com/golang/go/issues/40618

7.CVE-2020-3433

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack. To exploit this vulnerability, the attacker would need to have valid credentials on the Windows system.

CVSS Rate7.8 HIGH
ExploitedNo
Linkshttps://tools.cisco.com/security/center/content

8.CVE-2020-8209

Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files.

CVSS Rate7.5 HIGH
ExploitedNo
Linkshttps://support.citrix.com/article/CTX277457

9.CVE-2020-9697

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a disclosure of sensitive data vulnerability. Successful exploitation could lead to memory leak.

CVSS Rate5.5 MEDIUM
ExploitedYes
Linkshttps://helpx.adobe.com/security/products/acrobat/apsb20-48.html
https://twitter.com/thezdi/status/1293568647043190784

10.CVE-2020-9490

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the ‘Cache-Digest’ header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards.

CVSS Rate7.5 HIGH
ExploitedYes
Linkshttps://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-9490
https://twitter.com/wugeej/status/1298464906652475395

11.CVE-2020-3446

Default account vulnerability in Cisco Virtual Wide Area Application Services (vWAAS) with Cisco Enterprise NFV Infrastructure Software (NFVIS)-bundled images for Cisco ENCS 5400-W Series and CSP 5000-W Series appliances could allow an unauthenticated, remote attacker to log into the NFVIS CLI of an affected device by using accounts that have a default, static password.

CVSS Rate9.8 CRITICAL
ExploitedNo
Linkshttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-waas-encsw-cspw-credhZzL29A7