Zero-Days Win the Prize for Most Exploited Vulns

Among the top exploited zero-day vulnerabilities were bugs found in systems from Citrix and Cisco.

Dark Reading Staff, Dark Reading

November 13, 2024


In its latest research, conducted alongside global cybersecurity authorities, the Cybersecurity and Infrastructure Security Agency (CISA) is warning that the most routinely exploited vulnerabilities in 2023 were zero-days.

These findings are a reversal from 2022, when fewer than half of the most exploited vulnerabilities were zero-days.

CISA's "2023 Top Routinely Exploited Vulnerabilities" report shows that threat actors continue to have success exploiting these kinds of vulnerabilities even two years after public disclosure. After this time frame, the value of the vulnerability tends to decline as patches get applied and systems are replaced.

Some of the top zero-day flaws came from vendors such as Citrix and Cisco, with vulnerabilities involving code injection bugs (CVE-2024-3519), privilege escalation (CVE-2023-20198), and buffer overflow (CVE-2023-4966).

To combat exploitation from threat actors, CISA is urging organizations to check for signs of compromise and keep up with patching CVEs. However, even this may not be enough. Three other tools that CISA recommends are endpoint detection and response (EDR), Web application firewalls, and network protocol analyzers. 

As to why zero-days were among the top exploited, many individuals in the cybersecurity community argued that it's because the quality of software is getting worse.

Others argue that it's because cybercriminals are focusing less on sharing proofs of concept (PoCs) on forums and more on reserving knowledge about vulnerabilities in-house.

Regardless, CISA's study provides a variety of mitigation resources for end users and organizations to combat these threats, highlighting identity and access management, protective controls and architecture, and supply chain security.
