Vulnerability Trends Summary
As part of our monthly vulnerability trends, this report shows the monthly top 10 trends on security vulnerabilities and how hackers, malware, and exploit kits are exploiting those vulnerabilities. To demonstrate, we assign vulnerability trends value as a percentage of how each vulnerability is significantly gaining the attention of cybersecurity communities, attackers, together with malware. In either case, companies can benefit from the report to have more cyber threat insights and relatively anticipate attacks wave that might target their public assets in the following months.
Subscribe to the monthly vulnerability digest report by clicking here.
The following chart shows the trends.
In May 2021 we see most of the vulnerabilities are already exploited or a Proof-of-Concept (PoC) is already published. The wormable Microsoft IIS/HTTP.SYS remote code execution was the vulnerability of the month. The next in line is privilege escalation in Dell Driver which impacts millions of laptops.
Other critical and important vulnerabilities were discovered in vCenter, Bitcoin Core, and Adobe Reader.
The following table shows the details of the trends.
| CVE | Vulnerability | Publish Date | Exploited | Trends* |
| CVE-2021-31166 | Windows / IIS Remote Code Execution | 11/05/2021 | Yes | 32% |
| CVE-2021-21551 | Privilege Escalation in Dell Driver | 04/05/2021 | Yes | 15% |
| CVE-2021-21985 | vCenter Remote Code Execution | 25/05/2021 | Yes | 12% |
| CVE-2021-22908 | Privilege Escalation in Pulse Connect Secure | 18/05/2021 | Yes | 10% |
| CVE-2021-30747 | Information Disclosure in Apple M1 Chips | 26/05/2021 | Yes | 8% |
| CVE-2021-31876 | DoS in Bitcoin Core | 06/05/2021 | Yes | 7% |
| CVE-2021-1905 | Use After Free in Snapdragon | 07/05/2021 | No | 5% |
| CVE-2021-3493 | Microsoft Hyper-V Remote Code Execution | 11/05/2021 | Yes | 4% |
| CVE-2021-28550 | Command Execution in Adobe Reader | 11/05/2021 | Yes | 4% |
| CVE-2021-30731 | Privilege Escalation in macOS Big Sur | 24/05/2021 | Yes | 3% |
Subscribe to the monthly vulnerability digest report by clicking here.
1. CVE-2021-31166 Windows / IIS Remote Code Execution
A remote code execution vulnerability exists in Microsoft Internet Information Services (IIS) and other components that use HTTP.SYS driver (HTTP Protocol Stack). This vulnerability is critical and wormable.
2. CVE-2021-21551 Privilege Escalation in Dell Driver
Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.
3. CVE-2021-21985 vCenter Remote Code Execution
The vSphere Client (HTML5) contains a remote code execution vulnerability with unrestricted privileges code execution. The vulnerability is due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server.
4. CVE-2021-22908 Privilege Escalation in Pulse Connect Secure
A vulnerability was discovered under Pulse Connect Secure (PCS). This includes buffer overflow vulnerability on the Pulse Connect Secure gateway that allows a remote authenticated user with privileges to browse SMB shares to execute arbitrary code as the root user.
5. CVE-2021-30747 Information Disclosure in Apple M1 Chips
Information disclosure via a covert channel in M1 chips of Apple that causes a process to access another process data. This vulnerability is a design flaw and it is unpatchable. However, the risk is low.
6. CVE-2021-31876 DoS in Bitcoin Core
Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service attack against downstream projects such as Lightning network nodes.
7. CVE-2021-1905 Use After Free in Snapdragon
Possible use after free due to improper handling of memory mapping of multiple processes simultaneously which affects most Android devices and there are limited evidences of possible attacks.
8. CVE-2021-28476 Microsoft Hyper-V Remote Code Execution
A remote code execution vulnerability exists in Microsoft Hyper-V. However, Microsoft notes an attacker is more likely to abuse this vulnerability for a denial of service in the form of a bugcheck rather than code execution.
9. CVE-2021-28550 Command Execution in Adobe Reader
Improper neutralization of user data in the DjVu file format in ExifTool allows arbitrary code execution when parsing the malicious image.
10. CVE-2021-30731 Privilege Escalation in macOS Big Sur
A vulnerability that exists in macOS Big Sur allows a malicious application to bypass Privacy preferences and take screenshots of the user desktop. Apple is aware of a report that this issue may have been actively exploited.
ScanTitan is the leading website security portal that offers website vulnerability scanning, website malware scanning, uptime monitoring, cyber brand monitoring, defacement monitoring, and continuous threat monitoring and alerting.
Now you can find the latest Scantitan promotions through our official coupon store.
Fuente obtenida de: https://scantitan.com/blog/monthly-vulnerability-digest/vulnerability-trends-may-2021/
