Zero-days from top security vendors were most exploited CVEs in 2023
Zero-days comprised the majority of the most routinely exploited vulnerabilities last year, an increase from 2022 that allowed cybercriminals to attack higher-priority targets, Five Eyes cyber officials said in a Tuesday advisory.
The top five vulnerabilities exploited by attackers in 2023 were found in three vendors across networking devices, remote access servers and firewalls.
- Two vulnerabilities, CVE-2023-3519 and CVE-2023-4966, affected Citrix remote access servers.
- Another pair, CVE-2023-20198 and CVE-2023-20273, affected Cisco networking devices.
- CVE-2023-27997 affected Fortinet firewalls.
Last year, the two pairs of CVEs in Citrix and Cisco products, respectively, comprised the four most-exploited vulnerabilities of the year.
Attackers can inflict far-reaching and sustained damage on thousands of organizations by focusing their efforts on compromising widely used technology. And the technology that is most abused is coming from leading security vendors, which have repeat CVEs.
While the report is a look back on 2023, the same trend continues and impacts are still playing out for customers across a wide swath of security device and service vendors.
The Cybersecurity and Infrastructure Security Agency is trying to clean up software vendors’ code by encouraging technology companies to eliminate entire classes of defects, coding errors and vulnerabilities from their products.
The agency’s secure-by-design initiative, which aims to shift security responsibilities from customers to vendors by building security into their products during the design and development phase, is part of that effort. Nearly 250 companies, including Cisco and Fortinet, have signed CISA’s voluntary pledge since May.
Yet, the problem persists and the lack of progress underscores CISA’s limited capability to change long-ingrained software development practices. Software defects that continue to cause problems for customers are baked into products that are already in the market.
Citrix bleeds
Researchers dubbed CVE-2023-4966 CitrixBleed as the critical buffer overflow vulnerability caused widespread concern last year. CitrixBleed exploits were linked to ransomware attacks, which impacted some of the most highly regulated companies in the world, including Boeing and Comcast.
To read the complete article, visit Cybersecurity Dive.