Most Exploited Cybersecurity Vulnerabilities of 2023 Revealed by FBI, CISA, and NSA

November 12, 2024

The FBI, NSA, and the cybersecurity bodies of the Five Eyes intelligence alliance have collectively issued a list of the top 15 vulnerabilities that were frequently exploited in the past year. This joint advisory, released on Tuesday, implores organizations across the globe to promptly rectify these security gaps and establish patch management systems to limit their network's exposure to potential cyber threats.

"In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets," the cybersecurity agencies cautioned. The majority of the frequently exploited vulnerabilities in 2023 were initially exploited as a zero-day, marking an increase from 2022, when less than half of the top exploited vulnerabilities were exploited as a zero-day.

The agencies also disclosed that 12 out of the 15 most regularly abused vulnerabilities were addressed in the previous year. This aligns with their warning that threat actors are concentrating their attacks on zero-days (security flaws that have been disclosed but are yet to be patched).

A code injection vulnerability in NetScaler ADC / Gateway, identified as CVE-2023-3519, that allows attackers to execute remote code on unpatched servers, was the most exploited. This vulnerability was abused by state hackers to infiltrate U.S. critical infrastructure organizations. By early August 2023, this security flaw had been manipulated to backdoor at least 640 Citrix servers globally and over 2,000 by mid-August.

The advisory also draws attention to 32 other vulnerabilities that were frequently exploited last year to compromise organizations. It provides information on how defenders can reduce their exposure to attacks exploiting these vulnerabilities in the wild.

In June, MITRE released its list of the 25 most hazardous software weaknesses for the previous two years. In November 2021, it also released a list of the most significant hardware weaknesses.

"All of these vulnerabilities are publicly known, but many are in the top 15 list for the first time," stated Jeffrey Dickerson, NSA's cybersecurity technical director, on Tuesday. "Network defenders should pay careful attention to trends and take immediate action to ensure vulnerabilities are patched and mitigated. Exploitation will likely continue in 2024 and 2025."

• CISA, NSA, and Partners Issue Annual Report on Top Exploited Vulnerabilities
• 2023 Top Routinely Exploited Vulnerabilities

Related News

• U.S. Agencies Highlight Ongoing Ransomware Attacks by Iranian Hacking Group
• Iranian Hackers Collaborate with Ransomware Gangs for Extortion
• ExCobalt Cybercrime Group Launches Advanced Attacks on Russian Entities
• Yamaha Motor Philippines Hit by Ransomware Attack: Employee Data Leaked
• Citrix NetScaler Vulnerability Exploited as Zero-Day since August

Latest News

• Emerging Remcos RAT Targets Microsoft Users: Full Device Takeover Threat
• CFPB Advises Employees to Limit Phone Use Following Salt Typhoon Hack
• Critical Veeam Vulnerability Exploited in Frag Ransomware Attacks
• Unresolved Vulnerabilities in Mazda Connect Could Allow Hackers to Install Persistent Malware
• Palo Alto Networks Issues Alert on Potential PAN-OS Remote Code Execution Vulnerability