The American organization MITRE has published its list of the most common and dangerous software vulnerabilities, many of which are easy to find and can be exploited by cybercriminals.
The 2021 edition of the study, the Top 25 Most Dangerous Software Weaknesses, details the most common and important security issues.
The list is based on published Common Vulnerabilities and Exposures (CVE) data, as well as data from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) and the Common Vulnerability Scoring System (CVSS) scores of the CVEs.
At the top of the list, with the highest score, is CWE-787: Out-of-bounds Write, a vulnerability in which a program writes past the end of the intended buffer or before its start. Like many of the vulnerabilities on the list, this can lead to data corruption and system crashes, and potentially to code execution by attackers.
“These vulnerabilities are dangerous because they are often easy to find and exploit and can allow adversaries to gain complete control of the system, steal data, or prevent an application from running,” MITRE said in a report.
MITRE Corporation is an American non-profit organization that has created the MITRE ATT&CK framework, a globally accessible database of adversarial tactics and techniques based on real-world observations.
The second weakness on the list is CWE-79: Improper Neutralization of Input During Web Page Generation, a cross-site scripting vulnerability in which input is not properly neutralized before it is output to a web page. This can allow attackers to inject malicious scripts, steal sensitive information and send other malicious requests, especially if they succeed in gaining administrator privileges.
Third on the list is CWE-125: Out-of-bounds Read, a vulnerability that could allow attackers to read sensitive information from other memory locations or cause a crash.
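The bounds check that prevents both CWE-787 and CWE-125, shown as an added example that is not part of the original article or of MITRE's material. The function names, the 16-byte capacity and the sample offsets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BUF_CAP 16  /* constructed sample capacity */

/* Returns 1 only if [off, off+len) lies inside a buffer of cap bytes.
   Uses cap - off instead of off + len, so a huge len cannot wrap around
   and slip past the check. */
static int range_ok(size_t cap, long off, size_t len)
{
    if (off < 0) return 0;                /* would touch memory before the start */
    if ((size_t)off > cap) return 0;      /* starts past the end */
    return len <= cap - (size_t)off;      /* must not run past the end */
}

/* CWE-787 guard: refuse the write instead of corrupting adjacent memory. */
int checked_write(uint8_t *buf, size_t cap, long off, const void *src, size_t len)
{
    if (!range_ok(cap, off, len)) return -1;
    memcpy(buf + off, src, len);
    return 0;
}

/* CWE-125 guard: refuse the read instead of disclosing adjacent memory. */
int checked_read(const uint8_t *buf, size_t cap, long off, void *dst, size_t len)
{
    if (!range_ok(cap, off, len)) return -1;
    memcpy(dst, buf + off, len);
    return 0;
}

/* Exercises the edge cases; returns the number of unexpected results. */
int demo(void)
{
    uint8_t buf[BUF_CAP] = {0};
    uint8_t out[4] = {0};
    int failures = 0;
    failures += checked_write(buf, BUF_CAP, 12, "ABCD", 4) != 0;   /* fits exactly */
    failures += checked_write(buf, BUF_CAP, 13, "ABCD", 4) != -1;  /* one byte past the end */
    failures += checked_write(buf, BUF_CAP, -1, "A", 1) != -1;     /* before the start */
    failures += range_ok(BUF_CAP, 8, SIZE_MAX) != 0;               /* length that would wrap */
    failures += checked_read(buf, BUF_CAP, 12, out, 4) != 0 || out[0] != 'A';
    failures += checked_read(buf, BUF_CAP, 16, out, 1) != -1;      /* read at the end */
    return failures;
}

int main(void) { return demo(); }
```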
While many vulnerabilities can be extremely harmful if discovered and exploited by cybercriminals, they can often be remedied, particularly those for which a security patch is available. Applying security patches to fix known vulnerabilities is one of the key steps organizations can take to protect their networks from cyberattacks and hacks.
The CWE 2021 Top 25 uses NVD data from 2019 and 2020, which consists of approximately 32,500 CVEs associated with vulnerabilities. The full list is available on the CWE website.
Source: ZDNet.com