The Most Exploited Vulnerabilities of 2023

Arctic Wolf Presents

The Most Exploited Vulnerabilities of 2023

There were over 29,000 vulnerabilities published in 2023, amounting to over 3,800 more common vulnerabilities and exposure (CVEs) being issued last year than in 2022. With so many vulnerabilities in play, which ones offered the greatest risk to organizations — and the greatest potential reward for threat actors?
Check out our list of the 30 most exploited vulnerabilities of 2023 and find out.

YoY Vulnerability CVSS v3 Severity Breakdown

* For CVEs published in the last 10 years

More troubling than the sheer volume of vulnerabilities in 2023 is that over half of them were given a CVSS score indicating high or critical severity — an increase of 57% YoY. Exploiting these vulnerabilities proved lucrative for threat actors around the world and wrought significant reputational, financial, and operational damage on the organizations they attacked. As organizations establish their cybersecurity priorities for 2024, it’s vital they look back at how vulnerabilities became data breaches in 2023.

Data as of 2/1/24 | Source: cvedetails.com

A look at the Top 30

In our list of the 30 most exploited vulnerabilities of the year, you'll uncover trends and insights you can use to guide your remediation and vulnerability management plans in the new year. You’ll also discover the fundamentals too many organizations are missing and learn how to leverage them to reinforce your cybersecurity foundation and amplify your resilience.

Filters

Clear filters
Clear filters
9.8/10
Vulnerability Name:

CVE-2023-34362

"The MOVEit Transfer vulnerability" - Exploited by the Cl0p ransomware group. Several high profile companies were listed on their leak site.

7.5/10
Vulnerability Name:

CVE-2023-4966

"Citrix bleed" - Exploited by LockBit 3.0 affiliates and nation-state threat actors.

10/10
Vulnerability Name:

CVE-2023-20198

A maximum severity privilege escalation vulnerability. Over 40,000 Cisco Devices were discovered to be compromised.

9.8/10
Vulnerability Name:

CVE-2023-22518

A critical improper authorization vulnerability that was used to deploy Cerber ransomware.

9.8/10
Vulnerability Name:

CVE-2023-2868

Replace your compromised ESG appliances - UNC4841 exploited this vulnerability to perform espionage. Initial patches by Barracuda were ineffective.

9.1/10
Vulnerability Name:

CVE-2023-20269

Information disclosure vulnerability exploited by the LockBit and Akira ransomware groups to target organizations across a variety of industries.

9.8/10
Vulnerability Name:

CVE-2023-27350

Bl00dy - This vulnerability was exploited by Bl00dy, Cl0p and Lockbit.

9.8/10
Vulnerability Name:

CVE-2023-22515

Broken access control flaw that allowed threat actors to become Confluence administrators.

9.8/10
Vulnerability Name:

CVE-2023-46604

Remote code execution vulnerability observed by Arctic Wolf in association with a ransomware campaign delivering a TellyouThePass variant.

8.8/10
Vulnerability Name:

CVE-2023-36884

Remote code execution vulnerability exploited by Storm-0978.

9.8/10
Vulnerability Name:

CVE-2023-3519

Remote code execution vulnerability used to target a critical infrastructure entity and install a webshell.

9.8/10
Vulnerability Name:

CVE-2023-42793

Russian Foreign Intelligence Service (SVR) affiliated threat actors targeted servers to exploit this vulnerability.

9.8/10
Vulnerability Name:

CVE-2023-28771

Used to build several Distributed Denial of Service (DDoS) botnets.

4.4/10
Vulnerability Name:

CVE-2023-24880

Security feature bypass that allowed 100,000 downloads of malicious MSI files to deliver Magniber ransomware without any security warnings.

9.8/10
Vulnerability Name:

CVE-2023-46747

Critical remote code execution vulnerability that was observed chained with CVE-2023-46748

10/10
Vulnerability Name:

CVE-2023-40044

Deserialization vulnerability that allows a threat actor to obtain remote code execution.

9.8/10
Vulnerability Name:

CVE-2023-26360

Remote code execution vulnerability used to compromise at least two servers belonging to a US government agency.

7.2/10
Vulnerability Name:

CVE-2023-20273

Chained with CVE-2023-20198. Used after initial access to elevate privileges.

9.8/10
Vulnerability Name:

CVE-2023-27997

Remote code execution vulnerability through heap-based buffer overflow.

9.9/10
Vulnerability Name:

CVE-2023-41265

HTTP tunneling vulnerability that leads to privilege esclation. Arctic Wolf observed this vulnerability exploited in a Cactus ransomware campaign.

9.8/10
Vulnerability Name:

CVE-2023-23397

Privilege escalation vulnerability leveraged by Forest Blizzard to provide unauthorized access to email accounts within exchange servers.

9.8/10
Vulnerability Name:

CVE-2023-47246

Remote code execution vulnerability exploited by Lace Tempest

9.8/10
Vulnerability Name:

CVE-2023-20887

Remote code execution vulnerability.

7.2/10
Vulnerability Name:

CVE-2023-0669

Remote code execution exploited by the Cl0p ransomware group to steal data from over 130 organizations.

6.5/10
Vulnerability Name:

CVE-2023-41266

Path traversal vulnerability. Arctic Wolf observed this vulnerability exploited in a Cactus ransomware campaign.

7.5/10
Vulnerability Name:

CVE-2023-49103

Maximum severity information disclosure vulnerability with mass exploitation attempts since at least November 2023.

9.8/10
Vulnerability Name:

CVE-2023-33246

Critical remote code execution vulnerability used by a new version of the Dreambus botnet.

7.8/10
Vulnerability Name:

CVE-2023-28252

Privilege escalation vulnerability leveraged in Nokoyawa ransomware intrusions.

7.5/10
Vulnerability Name:

CVE-2023-29298

Improper access control vulnerability observed chained with CVE-2023-38203 to deliver web shells.

9.8/10
Vulnerability Name:

CVE-2023-35078

Critical authentication bypass vulnerability used to target Norwegian organizations.

2023 Most Exploited Vulnerabilities
AIR DATE: Thursday, February 8, 2024

Nowhere is the need for a renewed focus on cybersecurity fundamentals made clearer than in Arctic Wolf’s annual recap highlighting the most noteworthy, high-profile vulnerabilities. Discover how and why threat actors continue to have success leveraging unpatched, ignored, or otherwise forgotten vulnerabilities to wreak havoc on environments.

Reinforce Your Foundation. Amplify Your Resilience.

In 2024, organizations must ensure that their cybersecurity bedrock is founded on proactive protection and that their resilience against modern threats is amplified. The best way to do that? By learning from the past.
Web icon with blue lines background

2023 Breaches in Review

This year, Arctic Wolf’s annual recap of the top breaches gets an action-packed analysis of what our team of researchers considered the most damaging and impactful breaches of the year.

2024 Arctic Wolf Labs Threat Report

Our annual report offers insights into the strategies and tactics leveraged by threat actors as they sought to profit from business disruptions in 2023, and how to prepare for an uncertain future in 2024.

AVAILABLE FOR DOWNLOAD

What 2023 Taught Us About Vulnerabilities

Remote Code Execution Reigns, But Other Impact Types Had a Very Good Year
Threat actors are continuing to evolve their attacks, evading security solutions by pivoting rapidly and employing multiple paths to value. But the best way to fight back remains a focus on the fundamentals. Download our infographic for quick-hit takeaways to help you reinforce your cybersecurity foundation.

Connect with the Arctic Wolf Cybersecurity Team Today 

A combination of Arctic Wolf security operations solutions coupled with expert insights from our Concierge Security® Team (CST) can guide your organization through Arctic Wolf’s mission to End Cyber Risk. Fill out the form to learn more and we’ll be in touch with you shortly.

Additional Resources For

Security Leaders