Vulnerability Trends April 2021 ScanTitan

Vulnerability Trends Summary

As part of our monthly vulnerability trends, this report shows the monthly top 10 trends on security vulnerabilities and how hackers, malware, and exploit kits are exploiting those vulnerabilities. To demonstrate, we assign vulnerability trends value as a percentage of how each vulnerability is significantly gaining the attention of cybersecurity communities, attackers, together with malware. In either case, companies can benefit from the report to have more cyber threat insights and relatively anticipate attacks wave that might target their public assets in the following months.

Subscribe to the monthly vulnerability digest report by clicking here.

Download the full vulnerability digest report by clicking here.

The following chart shows the trends.

April 2021 Vulnerability Trends

April 2021 was a relief for system admins as less critical vulnerabilities compared to previous months. Pulse Secure authentication bypass was the vulnerability of the month. The next in line is Windows Kernel privilege escalation which is currently being exploited by attackers.

Other critical and important vulnerabilities were discovered in MS Exchange Server, Composer, Dell Driver, and Linux Kernel.

The following table shows the details of the trends.

CVEVulnerabilityPublish DateExploitedTrends*
CVE-2021-22893Pulse Secure authentication bypass20/04/2021Yes32%
CVE-2021-28310Privilege escalation in Windows Kernel13/04/2021Yes20%
CVE-2021-29472Command injection in Composer27/04/2021Yes8%
CVE-2021-28480Remote Code Execution in Microsoft Exchange13/04/2021No7%
CVE-2021-28482Remote Code Execution in Microsoft Exchange13/04/2021Yes6%
CVE-2021-28483Remote Code Execution in Microsoft Exchange13/04/2021No6%
CVE-2021-28481Remote Code Execution in Microsoft Exchange13/04/2021No6%
CVE-2021-3493Privilege escalation in Linux Kernel16/04/2021Yes6%
CVE-2021-22204Code execution in ExifTool23/04/2021Yes5%
CVE-2021-21551Privilege escalation in Dell Driver05/04/2021Yes4%

Subscribe to the monthly vulnerability digest report by clicking here.

Download the full vulnerability digest report by clicking here.

1. CVE-2021-22893 Pulse Secure Authentication Bypass

Pulse Connect Secure is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway.

2. CVE-2021-28310 Win32k Privilege Escalation

Privilege escalation vulnerability in Windows kernel (Win32k) due to out-of-bounds (OOB) write issue in dwmcore.dll, which is part of Desktop Window Manager (dwm.exe).

3. CVE-2021-29472 Composer Command Injection

Command injection vulnerability exists in Composer the PHP library manager which allows supply chain attack to be successful.

4. CVE-2021-28480 Remote Code Execution in Exchange Server

Remote code execution vulnerability exists in Microsoft Exchange Server. By sending a special request to the server, an attacker is able to execute arbitrary code on the server. This vulnerability is unique from CVE-2021-28482, CVE-2021-28481, and CVE-2021-28483.

5. CVE-2021-28482 Remote Code Execution in Exchange Server

Remote code execution vulnerability exists in Microsoft Exchange Server. By sending a special request to the server, an attacker is able to execute arbitrary code on the server. This vulnerability is unique from CVE-2021-28480, CVE-2021-28481, and CVE-2021-28483.

6. CVE-2021-28483 Remote Code Execution in Exchange Server

Remote code execution vulnerability exists in Microsoft Exchange Server. By sending a special request to the server, an attacker is able to execute arbitrary code on the server. This vulnerability is unique from CVE-2021-28480, CVE-2021-28481, and CVE-2021-28482.

7. CVE-2021-28481 Remote Code Execution in Exchange Server

Remote code execution vulnerability exists in Microsoft Exchange Server. By sending a special request to the server, an attacker is able to execute arbitrary code on the server. This vulnerability is unique from CVE-2021-28480, CVE-2021-28482, and CVE-2021-28483.

8. CVE-2021-3493 Privilege Escalation in Linux Kernel

Local privilege escalation vulnerability exists in Linux kernel as overlayfs implementation did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system.

9. CVE-2021-22204 Command Execution in ExifTool

Improper neutralization of user data in the DjVu file format in ExifTool allows arbitrary code execution when parsing the malicious image.

10. CVE-2021-21551 Privilege Escalation in Dell Driver

Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

Fuente obtenida de: https://scantitan.com/blog/monthly-vulnerability-digest/vulnerability-trends-april-2021-2/

Compartelo en las redes sociales

Compartir en facebook Compartir en google+ Compartir en twitter Compartir en pinterest Compartir en likedin Compartir en WhatsApp

Sobre Kamal Majaiti 1568 artículos
Administrador de sistemas e informático por vocación.

Sé el primero en comentar

Dejar una contestacion

Tu dirección de correo electrónico no será publicada.


*


Este sitio usa Akismet para reducir el spam. Aprende cómo se procesan los datos de tus comentarios.