AA23-215A: 2022's Top Routinely Exploited Vulnerabilities

On August 3, a joint Cybersecurity Advisory (CSA) AA23-215A coauthored by multiple U.S. and international agencies was released to highlight the top routinely exploited vulnerabilities of 2022. The list contains 42 Common Vulnerabilities and Exposures (CVEs) known to be exploited by malicious actors. The alert urges organizations to patch these known and exploitable vulnerabilities as soon as possible and provides some mitigation recommendations as well. For CVEs that remain unpatched, the CSA encourages organizations to begin investigating for indicators of compromise on unpatched devices.

As we’ve explored in our 2022 Threat Landscape Report (TLR), known and exploitable vulnerabilities remain one of the most persistent threats to organizations. Known vulnerabilities took the top spot in our list of the top five vulnerabilities of 2022 because of the prevalence with which attackers have successfully exploited these unpatched flaws. The joint CSA recognizes this as well, adding that these malicious attackers have targeted “older software vulnerabilities rather than recently disclosed vulnerabilities,” while also highlighting the significance of vulnerabilities in internet-facing systems.

For more information about the CVEs featured in the CSA, including Tenable product coverage for all of the vulnerabilities listed, please visit our blog.