2022 Top Routinely Exploited Vulnerabilities - Released on August 03, 2023 by CISA

On August 3, 2023, CISA, NSA, FBI, and cyber agencies from Australia, Canada, New Zealand, and the UK issued an advisory on the top exploited vulnerabilities in 2022. Key findings show that malicious cyber actors often exploit older, unpatched software vulnerabilities, with PoC codes facilitating these activities. Timely software patching and upgrades have proven effective in mitigating these threats. However, the priority for malicious actors has shifted to severe and globally prevalent CVEs due to their low-cost, high-impact potential. The targeting of vulnerabilities also aligns with their prevalence in specific networks. Multiple CVEs often demand unique signatures that can be detected through deep packet inspection. Timely patching and enhanced threat detection remain crucial.

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a