A four-year-old critical security flaw impacting Fortinet FortiOS SSL has emerged as one of the most routinely and frequently exploited vulnerabilities in 2022.
“In 2022, malicious cyber actors exploited older software vulnerabilities more frequently than recently disclosed vulnerabilities and targeted unpatched, internet-facing systems,” cybersecurity and intelligence agencies from the Five Eyes nations, which comprises Australia, Canada, New Zealand, the U.K., and the U.S., said in a joint alert.
The continued weaponization of CVE-2018-13379, which was also one among the most exploited bugs in 2020 and 2021, suggests a failure on the part of organizations to apply patches in a timely manner, the authorities said.
“Malicious cyber actors likely prioritize developing exploits for severe and globally prevalent CVEs,” according to the advisory. “While sophisticated actors also develop tools to exploit other vulnerabilities, developing exploits for critical, wide-spread, and publicly known vulnerabilities gives actors low-cost, high-impact tools they can use for several years.”
images from Hacker News