We did ask chatgpt for top application security vulnerabilities observed so far and compared to our data cross-referencing CISA-KEV register to see the top vulnerability exploitable in application security; what we discovered might surprise you.
What are the top vulnerabilities, and what are exploitable?
Fixing issues immediately is only sometimes possible, and managing the increasing number of vulnerabilities is becoming more challengingFixing issues as soon as they appear is only sometimes feasible and having control over the number of defects generated is becoming increasingly problematic.
The current state of vulnerabilities is that there are too many vulnerabilities, too little time to solve them, and too few people; some don’t even matter.
In recent research, only a small number of CVEs were exploitable (10-15%), and the number of vulnerabilities reported yearly is increasing 35% annually.
Improving Vulnerability remediation with EPSS
Image 1 – CVE Evolution over time
On top of the transformational challenges, we saw an acceleration in the number of CVE declared every year with 2022 having 34% more vulnerabilities declared.
What are the top Application Security vulnerabilities in CISA KEV?
We were curious to know what was the top vulnerability from an application and software security perspective and asked Chat GPT the question
even though Chat GPT does not have the data on live website information there is a small trick to ask GPT to get acquainted with a website
can you get acquainted YYY Fixing issues immediately is only sometimes possible, and managing the increasing number of vulnerabilities is becoming more challengingFixing issues as soon as they appear is only sometimes feasible and having control over the number of defects generated is becoming increasingly problematic.
The current state of vulnerabilities is that there are Too many vulnerabilities, too little time to solve them, and too few people, and some don’t even matter.
—
What are the top exploited vulnerabilities from CISA KEV?
can you get acquainted with https://www.cisa.gov/known-exploited-vulnerabilities-catalog and write the top CISA KEV Vulnerability for software
Yes, I can provide information on the Known Exploited Vulnerabilities (KEV) catalogue and identify the top vulnerability related to CISA-KEV for software.
The KEV Catalog lists known vulnerabilities that cybercriminals have exploited in recent attacks. The CISA KEV catalogue is maintained by the Cybersecurity and Infrastructure Security Agency (CISA), a government agency responsible for cybersecurity and infrastructure security in the United States.
One of the top CISA-KEV vulnerabilities for software listed in the KEV Catalog is the CVE-2019-19781 vulnerability in Citrix Application Delivery Controller (ADC) and Gateway. This vulnerability was first reported in December 2019 and quickly identified as high-risk. It allows an attacker to execute arbitrary code on vulnerable systems, which can lead to a complete compromise of the system.
The CVE-2019-19781 vulnerability was actively exploited by cybercriminals in the wild, leading to numerous successful attacks against organizations that had not yet applied the necessary security patches. In response to the threat, CISA issued an alert in January 2020 urging organizations to apply the necessary security patches as soon as possible.
Since the initial discovery of the CVE-2019-19781 vulnerability, several other vulnerabilities related to CISA-KEV have been identified and added to the KEV Catalog. These include vulnerabilities in software such as Microsoft Windows, Apache Struts, and Adobe products. Cybercriminals have exploited these vulnerabilities in recent attacks, highlighting the need for organizations and individuals to remain vigilant and take proactive steps to protect themselves from these threats.
In conclusion, the CVE-2019-19781 vulnerability in Citrix ADC and Gateway is one of the top CISA-KEV vulnerabilities related to software listed in the KEV Catalog. Organizations and individuals should review the catalog regularly and take the necessary steps to protect themselves from these and other known vulnerabilities that are being actively exploited by cybercriminals. Applying security patches and implementing other security controls can go a long way in mitigating the risk of a cyberattack.
CVE-2019-19781 Vulnerability Timeline:
Application security vulnerability timeline: Starting on January 20, 2020, APT41 used the IP address 66.42.98[.]220 to attempt exploits of Citrix Application Delivery Controller (ADC) and Citrix Gateway devices with CVE-2019-19781 (published December 17, 2019).
The initial CVE-2019-19781 exploitation activity on January 20 and January 21, 2020, involved the execution of the command ‘file /bin/pwd’, which may have achieved two objectives for APT41. First, it would confirm whether the system was vulnerable and whether the mitigation wasn’t applied. Second, it may return architecture-related information required for APT41 to successfully deploy a backdoor in a follow-up step.
—-
Exploit Prediction Score / EPSS Analysis :
The information seems to be somehow confirmed by the EPSS ranges
With EPSS data demonstrating that the Citrix Vulnerability is highly exploitable
The vulnerability resided in the top percentile of exploitability
What is the KEV Catalog?
The KEV Catalog lists known vulnerabilities that cybercriminals have exploited in recent attacks. CISA, a government agency responsible for cybersecurity and infrastructure security in the United States, maintains the catalogue. The purpose of the catalog is to provide information to organizations and individuals about the vulnerabilities currently being targeted by cybercriminals, so they can take steps to protect themselves from these attacks.
Why is the KEV Catalog important?
The KEV Catalog is important because it helps organizations and individuals to understand which vulnerabilities are most likely to be exploited by cybercriminals. By keeping track of these vulnerabilities, CISA can provide timely alerts and guidance to help organizations and individuals protect themselves from these threats. The catalog is also helpful for security researchers who want to understand the latest tactics and techniques cybercriminals use.
How quickly should you solve it?
In the case of CVE-2019-19781, Citrix released a patch for the vulnerability on January 19, 2020, about a month after the vulnerability was publicly disclosed. However, attackers started exploiting the vulnerability within days of its disclosure, significantly increasing attacks targeting Citrix ADC and Gateway products.
Conclusion
Leveraging a risk-based approach on vulnerability resolutions and correlating all the current data sources available like CISA KEV, EPSS
The Phoenix Security Approach
Phoenix Security Leverage the power of CISA KEV to select and suggest the vulnerabilities that should be fixed automatically.
Phoenix security takes into account EPSS to calculate the risk exploitation factor.
Get an overview of your asset lineage
If you want to know more about Phoenix security and doing vulnerability management at scale, contact us https://phoenix.security/request-a-demo/
