Blog de Informática, finanzas e inversión.


Vulnerability Trends May 2021 ScanTitan

Tabla de contenido

Vulnerability Trends Summary

As part of our monthly vulnerability trends, this report shows the monthly top 10 trends on security vulnerabilities and how hackers, malware, and exploit kits are exploiting those vulnerabilities. To demonstrate, we assign vulnerability trends value as a percentage of how each vulnerability is significantly gaining the attention of cybersecurity communities, attackers, together with malware. In either case, companies can benefit from the report to have more cyber threat insights and relatively anticipate attacks wave that might target their public assets in the following months.

Subscribe to the monthly vulnerability digest report by clicking here.

The following chart shows the trends.

May 2021 Vulnerability Trends

In May 2021 we see most of the vulnerabilities are already exploited or a Proof-of-Concept (PoC) is already published.  The wormable Microsoft IIS/HTTP.SYS remote code execution was the vulnerability of the month. The next in line is privilege escalation in Dell Driver which impacts millions of laptops.

Other critical and important vulnerabilities were discovered in vCenter, Bitcoin Core, and Adobe Reader.

The following table shows the details of the trends.

CVEVulnerabilityPublish DateExploitedTrends*
CVE-2021-31166Windows / IIS Remote Code Execution11/05/2021Yes32%
CVE-2021-21551Privilege Escalation in Dell Driver04/05/2021Yes15%
CVE-2021-21985vCenter Remote Code Execution25/05/2021Yes12%
CVE-2021-22908Privilege Escalation in Pulse Connect Secure18/05/2021Yes10%
CVE-2021-30747Information Disclosure in Apple M1 Chips26/05/2021Yes8%
CVE-2021-31876DoS in Bitcoin Core06/05/2021Yes7%
CVE-2021-1905Use After Free in Snapdragon07/05/2021No5%
CVE-2021-3493Microsoft Hyper-V Remote Code Execution11/05/2021Yes4%
CVE-2021-28550Command Execution in Adobe Reader11/05/2021Yes4%
CVE-2021-30731Privilege Escalation in macOS Big Sur24/05/2021Yes3%

Subscribe to the monthly vulnerability digest report by clicking here.

1. CVE-2021-31166 Windows / IIS Remote Code Execution

A remote code execution vulnerability exists in Microsoft Internet Information Services (IIS) and other components that use HTTP.SYS driver (HTTP Protocol Stack). This vulnerability is critical and wormable.

2. CVE-2021-21551 Privilege Escalation in Dell Driver

Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

3. CVE-2021-21985 vCenter Remote Code Execution

The vSphere Client (HTML5) contains a remote code execution vulnerability with unrestricted privileges code execution. The vulnerability is due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. 

4. CVE-2021-22908 Privilege Escalation in Pulse Connect Secure 

A vulnerability was discovered under Pulse Connect Secure (PCS). This includes buffer overflow vulnerability on the Pulse Connect Secure gateway that allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user.

5. CVE-2021-30747 Information Disclosure in Apple M1 Chips

Information disclosure via a covert channel in M1 chips of Apple that causes a process to access another process data. This vulnerability is a design flaw and it is unpatchable. However, the risk is low.

6. CVE-2021-31876 DoS in Bitcoin Core

Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service attack against downstream projects such as Lightning network nodes.

7. CVE-2021-1905 Use After Free in Snapdragon

Possible use after free due to improper handling of memory mapping of multiple processes simultaneously which affects most Android devices and there are limited evidences of possible attacks.

8. CVE-2021-28476 Microsoft Hyper-V Remote Code Execution

A remote code execution vulnerability exists in Microsoft Hyper-V. However, Microsoft notes an attacker is more likely to abuse this vulnerability for a denial of service in the form of a bugcheck rather than code execution.

9. CVE-2021-28550 Command Execution in Adobe Reader

Improper neutralization of user data in the DjVu file format in ExifTool allows arbitrary code execution when parsing the malicious image.

10. CVE-2021-30731 Privilege Escalation in macOS Big Sur

A vulnerability that exists in macOS Big Sur allows a malicious application to bypass Privacy preferences and take screenshots of the user desktop. Apple is aware of a report that this issue may have been actively exploited.

ScanTitan is the leading website security portal that offers website vulnerability scanning, website malware scanning, uptime monitoring, cyber brand monitoring, defacement monitoring, and continuous threat monitoring and alerting.

Now you can find the latest Scantitan promotions through our official coupon store

Fuente obtenida de:

Kamal Majaiti
Kamal Majaiti
Administrador de sistemas e informático por vocación.
Publica un comentario

Deja una respuesta

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *

Este sitio usa Akismet para reducir el spam. Aprende cómo se procesan los datos de tus comentarios.