
The US National Security Agency published an in-depth report[1] today detailing the top 25 vulnerabilities that are currently being consistently scanned, targeted, and exploited by Chinese state-sponsored hacking groups.

All 25 security bugs are well known and have patches available from their vendors, ready to be installed.

Exploits for many of the vulnerabilities are also publicly available. Some have been exploited by more than just Chinese hackers, and have also been incorporated into the arsenal of ransomware gangs, low-level malware groups, and nation-state actors from other countries (i.e., Russia and Iran).

"Most of the vulnerabilities listed below can be exploited to gain initial access to victim networks using products that are directly accessible from the Internet and act as gateways to internal networks," the NSA said today.

The US cyber-security agency urges organizations in the US public and private sector to patch systems for the vulnerabilities listed below.

These include:

1) CVE-2019-11510[2] - On Pulse Secure VPN servers, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files. This may lead to exposure of keys or passwords.

2) CVE-2020-5902[3] - On F5 BIG-IP proxies and load balancers, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability that can allow remote attackers to take over the entire BIG-IP device.

3) CVE-2019-19781[4] - Citrix Application Delivery Controller (ADC) and Gateway systems are vulnerable to a directory traversal bug, which can lead to remote code execution without the attacker having to possess valid credentials for the device. These two issues can be chained to take over Citrix systems.

4+5+6) CVE-2020-8193[5]

Read more from our friends at ZDNet