SECURITY ALERTS

Top 20 CVEs Actively Exploited By People’s Republic of China State-Sponsored Cyber Actors

DESCRIPTION:
This joint Cybersecurity Advisory (CSA) lists the top Common Vulnerabilities and Exposures (CVEs) used since 2020 by People’s Republic of China (PRC) state-sponsored cyber actors, as assessed by the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI). Users and system administrators of affected products are advised to apply the patches identified in the references below.

 

AFFECTED RELEASES:
Please see the references below.

 

SOLUTION:
1. Users and system administrators of affected products are advised to apply the patches identified in the references below.

 

REFERENCE:
1. https://www.cisa.gov/uscert/ncas/alerts/aa22-279a
2. https://lists.apache.org/thread/lcdqywz8zy94mdysk7p3gfdgn51jmt94
3. https://httpd.apache.org/security/vulnerabilities_24.html
4. https://logging.apache.org/log4j/2.x/security.html
5. https://jira.atlassian.com/browse/CONFSERVER-67940
6. https://jira.atlassian.com/browse/CONFSERVER-79016
7. https://www.tenable.com/security/research/tra-2021-13
8. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR#fs
9. https://support.citrix.com/article/CTX267027/cve201919781-vulnerability-in-citrix-application-delivery-controller-citrix-gateway-and-citrix-sdwan-wanop-appliance
10. https://support.f5.com/csp/article/K52145254
11. https://support.f5.com/csp/article/K23605346
12. https://about.gitlab.com/releases/2021/04/14/security-release-gitlab-13-10-3-released/
13. https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification-command-injection-vulnerability-in-some-hikvision-products/
14. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26855
15. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26857
16. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26858
17. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27065
18. https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
19. https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1000776
20. https://kb.vmware.com/s/article/85717
21. https://www.manageengine.com/products/self-service-password/advisory/CVE-2021-40539.html
 
