{"id":7397,"date":"2021-11-15T12:11:27","date_gmt":"2021-11-15T19:11:27","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?p=7397"},"modified":"2023-04-20T02:21:48","modified_gmt":"2023-04-20T09:21:48","slug":"20-percent-of-cves-listed-in-cisas-latest-directive-have-ransomware-associations","status":"publish","type":"post","link":"https:\/\/webdev.securin.xyz\/articles\/20-percent-of-cves-listed-in-cisas-latest-directive-have-ransomware-associations\/","title":{"rendered":"20 Percent of CVEs Listed in CISA\u2019s Latest Directive have Ransomware Associations"},"content":{"rendered":"

A directive recently released by the US government-backed Cybersecurity and Infrastructure Security Agency has a list of 703 known vulnerabilities that organizations have been asked to focus on patching immediately. Amongst the vulnerabilities, 158 have been identified as being actively exploited by various ransomware families. Read on to learn more about the vulnerabilities.


On November 03, 2021, the Cybersecurity and Infrastructure Security Agency (CISA) released a list of known exploited vulnerabilities in a directive aimed at organizations from all sectors. With regular updates to the list, the final count now stands at 703 KEVs. The CISA list puts special emphasis on patching known and exploited vulnerabilities associated with software and hardware commonly found on US federal information systems and those used by third-party agencies.


On November 15, 2021, CISA published a list of vulnerabilities as part of the Industrial Control Systems Advisory (ICSA) that are found in data distribution and implementation service software.


Our security analysts took a deeper look at the list and discovered that several of the vulnerabilities have been exploited by or are associated with multiple ransomware groups.

| Category | Count |
|---|---|
| Ransomware CVEs | 158 |
| Exploited CVEs | 116 |
| CVEs with RCE/PE | 100 |
| Total trending CVEs | 138 |

## CSW Ransomware Reports Call Out 157 of the 158 Vulnerabilities

CSW experts have mentioned 157 of the 158 vulnerabilities that have ransomware associations in the Ransomware Spotlight Report 2021 and 2022, and their subsequent index updates.

We have also identified a total of 138 unique ransomware groups that are associated with the ransomware vulnerabilities in CISA's KEVs. Our researchers have also noted that out of a total of 158 ransomware vulnerabilities, 86 are also actively exploited by Advanced Persistent Threat (APT) groups.


## CVEs with Most Ransomware Associations

The top five CVEs with the highest number of ransomware family associations include:

| CVE ID | No. of Ransomware Associations |
|---|---|
| CVE-2018-4878 | 41 |
| CVE-2017-0144 | 17 |
| CVE-2017-0145 | 16 |
| CVE-2017-0147 | 13 |
| CVE-2019-19781 | 12 |

## Top Vendors Affected by Ransomware

Our research on the vendors most affected by ransomware puts Microsoft at the top of the list with 737 affected products, and Apache in second position with 607 products.

Here is a detailed insight into the top vendors affected by ransomware.

| Vendor | Overall Affected Products | Most Critical CVE | Ransomware Associations |
|---|---|---|---|
| Microsoft | 737 | CVE-2020-1472 | 7 |
| Apache | 607 | CVE-2017-5638 | 4 |
| VMware | 577 | CVE-2021-21972 | 2 |
| Oracle | 530 | CVE-2019-2725 | 7 |
| Adobe | 314 | CVE-2018-15982 | 5 |


## Top Products Affected by Ransomware

Our analysts noted that Oracle's Java Software Environment was the worst hit by ransomware and accounted for 497 affected products. VMware's ESXi and Horizon DaaS Appliances take the second spot. The Apache Log4j logging library that created a security storm in late 2021 comes in third with 378 affected products, closely followed by Microsoft Windows, Windows Server and the popular Office suite. Zoho ManageEngine Self Service engine makes the cut into the top five most affected products.

| Product | Vendor | No. of Products Affected |
|---|---|---|
| Java SE | Oracle | 497 |
| ESXi, Horizon DaaS Appliances | VMware | 474 |
| Log4j2 | Apache | 378 |
| Windows, Windows Server, Office | Microsoft | 340 |
| ManageEngine ADSelfServicePlus | Zoho | 170 |


## Top Trending CVEs

There are a total of 138 CVEs that are trending, the majority of which affect Microsoft products. Of these vulnerabilities, our team of expert pentesters has prioritized a handful for further research. Here is an in-depth analysis of the trending CVEs selected by our researchers which have the largest impact:

| CVE | Vendor | Product | Severity | CVSS V3 Score | Number of Products Affected |
|---|---|---|---|---|---|
| CVE-2017-5638 | Apache | Struts | Critical | 10.0 | 53 |
| CVE-2020-0796 | Microsoft | SMBv3 | Critical | 10.0 | 4 |
| CVE-2020-1472 | Microsoft | Netlogon Remote Protocol (MS-NRPC) | Critical | 10.0 | 24 |
| CVE-2021-22205 | ExifTool | ExifTool | Critical | 10.0 | 6 |
| CVE-2021-44228 | Apache | Log4j2 | Critical | 10.0 | 378 |


## Ransomware CVEs that Ought to be Patched in June 2022

Out of the 138 most trending vulnerabilities, CISA has identified 3 that need to be patched by June 2022.

| CVE | Vendor | Product | CVSS Severity |
|---|---|---|---|
| CVE-2017-0147 | Microsoft | SMBv1 server | MEDIUM |
| CVE-2017-12149 | Red Hat | JBoss Application Server | CRITICAL |
| CVE-2018-14847 | MikroTik | RouterOS | CRITICAL |


For an overall analysis of all CISA-warned vulnerabilities, and those that need to be addressed immediately, refer to our blog.


## Fix these Vulnerabilities Now! Conduct Regular Ransomware Pentesting Assessments to Secure your Attack Surface.

Of the known and exploited vulnerabilities that CISA places emphasis on in its directive for organizations to patch, vulnerabilities with ransomware associations require immediate attention and urgent patching.


At CSW, our expert pentesters and security researchers can help you prioritize the patching of the ransomware vulnerabilities and ensure that all organizations meet the deadlines set by the directive.


CSW experts believe that organizations that conduct monthly or quarterly ransomware penetration assessments have a greater chance of identifying and fixing vulnerabilities that can potentially affect their systems, thereby ensuring a secure attack surface. This in turn helps to improve an organization's cyber hygiene, reinforces security management teams and boosts brand reputation.

Worried about how susceptible your organization is to a ransomware attack?

Get a Ransomware Penetration Test done today!

Click here to talk to us.","protected":false},"excerpt":{"rendered":"

A directive recently released by the US government-backed Cybersecurity and Infrastructure Security Agency has a list of 703 known vulnerabilities that organizations have been asked to focus on patching immediately. Amongst them, 158 vulnerabilities have been identified as being exploited actively by various ransomware families. Read on to learn more about the vulnerabilities.<\/p>\n","protected":false},"author":1,"featured_media":7398,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[80,110,83],"tags":[89,93,91,88,139],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts\/7397"}],"collection":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/comments?post=7397"}],"version-history":[{"count":4,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts\/7397\/revisions"}],"predecessor-version":[{"id":17884,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/posts\/7397\/revisions\/17884"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media\/7398"}],"wp:attachment":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media?parent=7397"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/categories?post=7397"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/tags?post=7397"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}