Arctic Wolf Presents
The Most Exploited Vulnerabilities of 2022
According to the National Vulnerability Database (NVD), there were more than 25,200 vulnerabilities published in 2022. Join us as we explore the 34 most high-profile vulnerabilities – and what makes them so dangerous.
2022 was another record-breaking year for vulnerabilities.
If tools alone were enough to solve the problem, they would have by now. Unfortunately, most organizations aren’t properly staffed or trained to make use of the tools they already have, which means vulnerabilities can end up going ignored. It doesn’t have to be this way.
Learn how the Arctic Wolf® Security Operations Cloud and 24×7 Concierge Security® solutions ensure you’re always ready to fight back against cyberattacks.

CVE ID Number: CVE-2021-1647
CVSS v3 Score: 7.8
NVD Risk Rating: Critical
Published Date: 1/12/2021
Last Modified: 1/14/2021
Vulnerability Name: Microsoft Defender RCE
An authentication bypass vulnerability exposed by the Windows File Share Browser and Pulse Secure Collaboration features of Pulse Connect Secure that can allow an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway.
Product: Microsoft Defender
Type: Remote Code Execution (RCE)
Available Blog Posts:
- CVE-2022-3602 and CVE-2022-3786 – OpenSSL 3.0.X Critical Vulnerabilities
- New Microsoft Exchange Exploit Chain via “OWASSRF” Leads to RCE
Vendor: Microsoft

Vulnerability Name: CVE-2022-21907
CVSS v3 Score: 9.8
NVD Risk Rating: Critical
Published Date: 1/11/22
Last Modified: 8/26/22
HTTP protocol stack remote code execution vulnerability.
Product: HTTP protocol stack - Windows Internet Information Services (IIS) component
Type: Remote Code Execution
Vendor: Microsoft

Vulnerability Name: CVE-2021-44228 - Log4Shell
CVSS v3 Score: 10
NVD Risk Rating: Critical
Published Date: 12/10/21
Last Modified: 8/17/22
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Product: Log4J
Type: Remote Code Execution
Vendor: Apache

Vulnerability Name: CVE-2021-20038
CVSS v3 Score: 9.8
NVD Risk Rating: Critical
Published Date: 12/8/21
Last Modified: 5/13/22
A stack-based buffer overflow vulnerability in the SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances running firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions.
Product: SMA100 Series
Type: Remote Code Execution
Vendor: SonicWall

Vulnerability Name: CVE-2021-4034
CVSS v3 Score: 7.8
NVD Risk Rating: High
Published Date: 1/28/22
Last Modified: 10/25/22
A local privilege escalation vulnerability was found in Polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends up trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way that it induces pkexec to execute arbitrary code. When successfully executed, the attack can cause a local privilege escalation, giving unprivileged users administrative rights on the target machine.
Product: Polkit pkexec
Type: Privilege Escalation
Vendor: Red Hat

Vulnerability Name: CVE-2022-22536 - ICMAD (Internet Communication Manager Advanced Desync)
CVSS v3 Score: 10
NVD Risk Rating: Critical
Published Date: 2/9/22
Last Modified: 10/26/22
SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable to request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.
Product: NetWeaver, Content Server, and Web Dispatcher
Type: Remote Code Execution
Vendor: SAP

Vulnerability Name: CVE-2022-0847 - Dirty Pipe
CVSS v3 Score: 7.8
NVD Risk Rating: High
Published Date: 3/10/22
Last Modified: 8/10/22
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read-only files and as such escalate their privileges on the system.
Product: Kernel
Type: Privilege Escalation
Vendor: Linux

Vulnerability Name: CVE-2022-1040