We're going to highlight the Top high severity CVEs found by Detectify. Thanks to the Crowdsource global community of handpicked ethical hackers, Detectify users get continuous access to the latest threat findings "from the streets" – even actively exploited vulnerabilities for which there aren't yet any official vendor patches or updates.

Detectify security updates

Since June 2020, our not-your-average Crowdsource hacker community has submitted over 600 vulnerability reports to us, including over 84 zero-days. Sometimes exploits are executed within minutes of discovery across the Internet, which is why the Detectify Security Research team puts an emphasis on deploying hacker-sourced vulnerability research to users as soon as possible.

Unless you're a big brand, attackers will target the tech

One thing we've learned from hosting the Crowdsource ethical hacker community is that hackers of all hats are more likely to start bug hunting by targeting widely used technologies. Apps are built from copies of repos, there are common 3rd party apps hosted and people often show resistance or simply neglect updating software.

We took a roll call on which security test modules have generated the most unique findings in our customer base. Here are the top 5 high severity CVEs found in the past 12 months, in order of criticality.

 "Unique findings" here refers to the amount of unique times this vulnerability has been found on customer web assets vulnerable to this CVE. I.e., if a CVE is detected several times in the same customer asset, it will still count as one unique hit.

*Vulnerabilities with CVSS ver 3.x severity rating of "high" and above (Base Score 7.0-10.0) according to NIST.

CVE-2019-11043: PHP-FPM & NGINX RCE

CVSS Base Score: 9.8 (critical – view on NIST)

This module checks if PHP-FPM in combination with NGINX is using a vulnerable configuration. An attacker can execute system commands on the server.

CVE-2021-22175: Gitlab SSRF

CVSS Base Score: 9.8 (critical)

GitLab prior to versions 10.5 is vulnerable to an SSRF vulnerability on an instance where registration is disabled.On successful exploitation, an unauthenticated attacker will be able to send requests on behalf of the affected service. It may be possible to reach systems on the same intranet as the affected application.

CVE-2020-13638: rConfig authentication bypass

CVSS Base Score: 9.8 (critical )

rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been fixed in 3.9.7. An attacker can create administrator accounts on the server.

CVE-2020-1147: Sharepoint Server RCE

CVSS Base Score: 7.8 (high)

This module tests for a RCE vulnerability in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content.

CVE-2020-3452: Cisco ASA LFI

CVSS Base Score: 7.5 (high)

Cisco ASA with a VPN server configured had a local file inclusion vulnerability. Anyone can download files from the web services file system, but not from the ASA or FTD file system.

How can Detectify help with these Top CVEs and more?

Example of a high severity finding in Detectify

image: Detectify shows you the latest vulnerabilities to help you stay on top of active threats.

Detectify pushes security updates every week. Begin a scan for the latest vulnerabilities today. Start a free trial with Detectify here!

To keep up with today's cyber threats, you need crowdsourced, cloud-based and continuous web security that's integrated with development. With Detectify, you get more than a DAST with access to payload-based security tests from the hacker community that go beyond the OWASP Top 10. Check for the latest vulnerabilities with a free 2-week trial.

details on open redirect in detectify UI

image: You get to see all the details of the request and response as well per vulnerability finding.

Source link