The collected NIST data on Common Vulnerabilities and Exposures (CVEs) shows that the security and vulnerability trends have outnumbered the sum total of vulnerabilities reported in the 10 years prior.
A total of 18,103 vulnerabilities were reported in 2020, at an average rate of 50 CVEs per day, by security professionals, researchers, and vendors.
Fifty-seven percent (i.e. 10,342) of the total were classified as critical or high severity.
Four thousand vulnerabilities were described as the worst of the worst, while 63% of the total were low-complexity CVEs.
Among all the CVEs recorded in 2020, 68% required no user interaction of any kind to exploit.
Overall, 15% (2,708) were classified as critical, 42% (7,634) as high, 40% (7,359) as medium, and 2% (402) as low severity.
Some of the prominent vulnerabilities disclosed in 2020 include:
Recent notable incidents
In December 2020, the Dark Halo actor (associated with UNC2452) exploited a vulnerability (CVE-2020-0688) in SolarWinds’s Microsoft Exchange Control Panel.
The Fox Kitten group was seen exploiting several vulnerabilities, including CVE-2020-5902 (BIG-IP), CVE-2019-11510 (Pulse Secure), and CVE-2018-13379 (Fortinet FortiOS), among others.
The threat continues
Vulnerability management has gradually turned into an increasingly critical and complicated task for organizations due to the hig ..