Key findings
The collected NIST data on Common Vulnerabilities and Exposures (CVEs) shows that the security and vulnerability trends have outnumbered the sum total of vulnerabilities reported in the 10 years prior.
A total of 18,103 vulnerabilities were reported in 2020, at an average rate of 50 CVEs per day, by security professionals, researchers, and vendors.
Fifty-seven percent (i.e. 10,342) of the total were classified as critical or high severity.
Four thousand vulnerabilities were described as the worst of the worst, while 63% of the total were low complexity CVEs.
Among all the CVEs recorded in 2020, 68% of those require no user interaction of any kind to exploit.
Overall 15% (2,708) were classified as critical, 42% (7,634) as high, 40% (7,359) as medium, and 2% (402) as low severity.
Prominent examples
Some of the prominent vulnerabilities disclosed in 2020 include:
Recent notable incidents
In December 2020, Dark Halo actor (association with UNC2452) had exploited a vulnerability (CVE-2020-0688) in the SolarWinds’s Microsoft Exchange Control Panel.
The Fox Kitten group was seen exploiting several vulnerabilities, including (CVE-2020-5902) (in BIG-IP), CVE-2019-11510 (Pulse Secure), and CVE-2018-13379 (Fortinet FortiOS), among others.
The threat continues
Vulnerability management has gradually turned into an increasingly critical and complicated task for organizations due to the hig ..
Support the originator by clicking the read the rest link below.