The 25 most dangerous software vulnerabilities to watch out for | ZDNet

Mitre has released its rundown of the most widespread and critical vulnerabilities in software, many of which are easy to find and can be exploited by cyber criminals to take over systems, steal data or crash applications and even computers.

The 2021 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses details the most common and most impactful security issues.  

The list is based on published Common Vulnerabilities and Exposures (CVE) data, as well as data from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) and the Common Vulnerability Scoring System (CVSS) scores of the CVEs. 

Top of the list, with the highest score by some margin, is CWE-787: Out-of-bounds Write, a vulnerability where software writes past the end, or before the beginning, of the intended buffer. Like many of the vulnerabilities in the list, this can lead to data corruption and system crashes, and can give attackers the ability to execute code.

“These weaknesses are dangerous because they are often easy to find, exploit, and can allow adversaries to completely take over a system, steal data, or prevent an application from working,” Mitre said in a blog post. 

Mitre Corporation is the US not-for-profit organisation behind the MITRE ATT&CK framework, a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.


Second in the list is CWE-79: Improper Neutralization of Input During Web Page Generation, a cross-site scripting vulnerability in which software doesn’t correctly neutralise inputs before placing them as outputs on a website. This can allow attackers to inject malicious script, steal sensitive information and send other malicious requests, particularly if they are able to gain administrator privileges.

Third in the list is CWE-125: Out-of-bounds Read, a vulnerability which can allow attackers to read sensitive information from other memory locations or cause a crash.

While many of the vulnerabilities are potentially very damaging if they’re discovered and exploited by cyber criminals, the weaknesses can often be countered, particularly those for which a security patch is available. Applying security patches to fix known vulnerabilities is one of the key things that organisations can do to help protect their networks from cyber attacks and intrusions.

The 2021 CWE Top 25 uses NVD data from the years 2019 and 2020, which consists of approximately 32,500 CVEs that are associated with a weakness. The full list is available on the CWE website.
