NIST NVD Report Shows Increase in Low-Complexity CVEs

NIST NVD Report Shows Increase in Low-Complexity CVEs

Common vulnerabilities and exposures, or CVEs, are seemingly increasing at a faster rate as a proportion of the overall number of bugs reported, which, according to a survey, have increasingly risen as per the cybersecurity teams. These are very easy to exploit. 

Recently, Redscan, a managed detection, response, and pen-testing professional, evaluated more than 18,000 CVEs filed in the National Vulnerability Database (NVD) of the U.S. National Institute of Standards and Technology (NIST) in 2020 and published a report, NIST Security Vulnerability Trends in 2020: An Analysis.

It shows that just over half (57%) is graded as "high" and "critical" - the most significant figure reported in any year till date. The report often discusses the increase in low difficulty vulnerabilities and the rise of those vulnerabilities that do not involve user interaction. That means that an attacker can take advantage of the user with limited technical skills as well. According to the research, this number has hiked since 2017, after declining dramatically between 2001 and 2014. These developments demonstrate the need for companies to enhance the awareness of wild vulnerabilities and to follow a multi-layered approach for the management of vulnerabilities. In 2020, almost 4000 vulnerabilities can be defined as the “worst of worst” – meeting the worst criteria for all types of NVD filters. 

The research report says, “The prevalence of low complexity vulnerabilities in recent years means that sophisticated adversaries do not need to ‘burn’ their high complexity zero-days on their targets and have the luxury of saving them for future attacks instead.” 

“Low complexity vulnerabilities lend themselves to mass exploitation as the attacker does not need to consider any extenuating factors or issues with an attack path. This situation is w ..

Support the originator by clicking the read the rest link below.