The Cybersecurity and Infrastructure Security Agency, National Security Agency, the FBI and international partners have released a joint advisory on the top 15 routinely exploited vulnerabilities.
Some of the common vulnerabilities and exposures discussed in the advisory are Log4Shell, ProxyLogon and ProxyShell, NSA said Wednesday.
“CISA and our partners are releasing this advisory to highlight the risk that the most commonly exploited vulnerabilities pose to both public and private sector networks," said CISA Director Jen Easterly, who is also a 2022 Wash100 Award winner.
Easterly called on organizations to review their vulnerability management practices and initiate actions to address risks associated with exploited vulnerabilities.
The U.S. federal agencies and cybersecurity partners from Australia, Canada, New Zealand and the U.K. suggested several measures organizations should take to mitigate risks.
These include vulnerability and configuration management, identity and access management and positive controls and architecture.
"This report should be a reminder to organizations that bad actors don't need to develop sophisticated tools when they can just exploit publicly known vulnerabilities," said Rob Joyce, cybersecurity director at NSA, a fellow 2022 Wash100 Award recipient.
"Get a handle on mitigations or patches as these CVEs are actively exploited,” Joyce added.
