Sensor Intel Series: Top CVEs in January 2023

Welcome to the Sensor Intel Series installment for January 2023. The purpose of this recurring monthly brief is to provide security practitioners with vulnerability targeting intelligence so that they can make better-informed decisions about patching and vulnerability remediation. The source of this intelligence is log data from a globally distributed network of passive sensors. While these sensors collect logs on all ports, we primarily focus on HTTP/S traffic on ports 80 and 443. Furthermore, this brief is largely limited to published vulnerabilities with CVE numbers, although there are a handful of non-CVE vulnerabilities that we track as well because they are particularly interesting, easy to spot, or both.


January attack traffic was particularly notable for the continuing growth of interest in CVE-2020-8958. This is an OS command injection vulnerability in several optical routers from Guangzhou VSOL. While attacker interest in this vuln has remained consistently high for most of the past year, the January traffic blew away the previous record (set last month, also by CVE-2020-8958) by nearly 50%. All other vulnerabilities experienced volumes that are more consistent with the baselines we’ve observed in the last year, leaving us to speculate about the reason behind this enormous growth.


January Vulnerabilities by the Numbers


Figure 1 shows the top ten vulnerabilities and their attack traffic in January. This really illustrates the difference between the volume of traffic attempting to exploit CVE-2020-8958 and, well, everything else. However, CVE-2020-8958 shouldn’t obscure the rapid growth of another vulnerability, the CVE-less and roughly-named “2018 JAWS Web Server Vuln.” This is an authentication bypass vulnerability in the JAWS/1.0 web server installed on several digital video recorders (DVRs).


