The following article presents a summary of the vulnerabilities that had the highest probability of being exploited during the second half of 2023.
As mentioned in our first article, the tools provided by FIRST can be used to find the vulnerabilities most likely to be exploited. Likewise, we used the NIST vulnerability classifier to discover the severity of each vulnerability.
We then filtered the vulnerabilities, prioritizing those with a higher probability of being exploited.
Figure 1. Vulnerabilities throughout the second semester ordered by their probability of being exploited.
The following is a table with some critical vulnerabilities that had a greater likelihood of being exploited during the second half of last year.
Top 10 Table
(Free access, no subscription required)
CVE
CVSS v3.1
EPSS (Q4 2023)
CVE-2019-1653
7.5 HIGH
0.97567
CVE-2014-6271
7.5 HIGH
0.97564
CVE-2015-7297
7.5 HIGH
0.97564
CVE-2018-7600
9.8 CRITICAL
0.9756
CVE-2015-1635
10 HIGH (CVSS v2)
0.97559
CVE-2019-2725
9.8 CRITICAL
0.97559
CVE-2017-8917
9.8 CRITICAL
0.97555
CVE-2019-16662
9.8 CRITICAL
0.97555
CVE-2020-5902
9.8 CRITICAL
0.97555
CVE-2020-14750
9.8 CRITICAL
0.97553
CVE-2019-1653 – Information disclosure vulnerability in Cisco Small Business RV320 and RV325 Routers
CVSSv3.1: 7.5 HIGH
Vulnerable versions: Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers using Firmware from 1.4.2.15 to 1.4.2.20.
Solution: Update to the newest possible version.
CVE
CVSS v3.1
EPSS (Q4 2023)
CVE-2019-1653
7.5 HIGH
0.97567
CVE-2014-6271
7.5 HIGH
0.97564
CVE-2015-7297
7.5 HIGH
0.97564
CVE-2018-7600
9.8 CRITICAL
0.9756
CVE-2015-1635
10 HIGH (CVSS v2)
0.97559
CVE-2019-2725
9.8 CRITICAL
0.97559
CVE-2017-8917
9.8 CRITICAL
0.97555
CVE-2019-16662
9.8 CRITICAL
0.97555
CVE-2020-5902
9.8 CRITICAL
0.97555
CVE-2020-14750
9.8 CRITICAL
0.97553
CVE-2019-1653 – Information disclosure vulnerability in Cisco Small Business RV320 and RV325 Routers
CVSSv3.1: 7.5 HIGH
Vulnerable versions: Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers using Firmware from 1.4.2.15 to 1.4.2.20.
Solution: Update to the newest possible version.
Description: Vulnerability in the Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers’ web manager might allow a remote, unauthenticated attacker to download the system configuration.
Overall, the vulnerabilities most likely to be exploited are persistent issues. They are used to compromise systems that have not been updated. This is coupled with the existence of publicly available exploits or proofs of concept that are generally easily applied by cybercriminals with limited knowledge about the technology they wish to compromise.
Some new vulnerabilities are also actively exploited by criminals. Examples of these include CVE-2023-20198 and CVE-2023-20273, which were released in October 2023 and affect the web configuration feature of Cisco IOS XE Software. In this case, updating the system is suggested. If the update cannot be performed, the web functionalities must be deactivated.
Recommendations
When faced with the challenge of updating multiple systems, it is advisable to prioritize updating those that are most likely to be attacked or compromised.
In this context, there could be a situation where a vulnerability with a HIGH CVSS score is technically difficult to exploit, while at the same time there might be another vulnerability with a MEDIUM CVSS score for which public exploits exist, which would make it easier for it to be exploited by an attacker. To decide this prioritization, we recommend using the EPSS tool offered by FIRST.
References:
What is the Exploit Prediction Scoring System (EPSS)?
