Annual Vulnerability Report Insights - 2022
- 1. SecPod Labs Intelligence Series
2022 Annual Vulnerability Report Insights
Webcasts
Host – Sakshi Dhiman
Veerendra GG and Pooja Shetty
Security Intelligence Team
- 2. TODAY’S AGENDA
2023 Vulnerability Predictions
Questions and Answers
Top Vulnerabilities of 2022
SecPod’s Security Coverage
Copyright © 2008 - 2022 SecPod Technologies - AUTHORISED USE ONLY
- 3. Annual Vulnerability Report
Vulnerabilities Discovered January - December 2022
Top Vulnerabilities
Top Affected Products
SecPod’s Security Coverage
Key Insights and Predictions
- 4. Key Findings From SecPod’s Research
26288 Vulnerabilities discovered in 2022
191 Vulnerabilities wildly exploited
37 Zero Day Vulnerabilities
124 Malware Exploiting Vulnerabilities
- 11. Unauthenticated Remote Code Execution in Adobe Commerce
CVE ID: CVE-2022-24086
Products Affected: Adobe Commerce versions 2.4.3-p1 and earlier and 2.3.7-p2 and earlier
Impact:
Remote PHP Code Execution
Web shell deployment
Remote access trojan (RAT)
- 12. An Authentication Bypass Vulnerability in Sophos Firewall
CVE ID: CVE-2022-1040
Products Affected: Sophos Firewall v18.5 MR3 (18.5.3) and older
Impact:
An authentication bypass vulnerability allows remote code execution.
- 13. Local Privilege Escalation Vulnerability in Microsoft Windows
CVE ID: CVE-2022-21882
Products Affected: Windows 10 1809 and above, including servers
Impact:
Once privilege escalation is achieved, attackers use it to deploy further malware and access confidential information.
This could allow them to spread laterally inside the network, create new administrator users, and run privileged commands.
The vulnerability was under active exploitation.
- 14. Type confusion vulnerability in Apple's WebKit web browser engine
CVE ID: CVE-2022-42856
Products Affected: Safari 15.3, iOS 15.3, macOS 12.2 and earlier
Impact:
Type confusion vulnerability in Apple's WebKit web browser engine. This bug was actually reported and initially fixed in 2013. In 2016 the fix was regressed.
The vulnerability was under active exploitation.
- 15. Text4shell RCE in StringSubstitutor interpolator class in Apache Commons Text Library
CVE ID: CVE-2022-42889
Products Affected: Apache Commons Text Library
Impact:
The StringSubstitutor interpolator is not as widely used as the string substitution in Log4j, which led to Log4Shell.
The severity is Critical due to the easy exploitability and the huge potential impacts in terms of confidentiality, integrity and availability.
- 16. Linux Kernel ksmbd Critical Use-After-Free Remote Code Execution Vulnerability
CVE ID: CVE-2022-47939
Products Affected: Linux kernel: before 5.15.61
Impact:
The issue results from the lack of validating the existence of an object prior to performing operations on the object.
- 17. SecPod’s Security Intelligence Coverage in 2022
Total CVEs Covered: 22597
Zero-day CVEs Covered: 34
CISA Vulnerability Coverage: 741/868
Total Misconfigurations covered: 2938
Total MVEs Covered: 124
Posture Anomaly Computation Rules: 75+ rules to discover anomalies, outliers, and aberrations in IT infrastructure
Common Remediation Enumeration (CRE) Coverage
Application Patches: 1152
Third-party patches: 802
Misconfiguration patches: 2812
OS Patches: All Latest Versions
CVE Coverage Based on Platforms
Windows: 1380
Linux: 8074
macOS: 2416
- 18. 2022’s Milestones
24-30 hours is the average time taken to support latest vulnerabilities
85% of Microsoft & Apple security advisories were covered within 30 hours
100% of discovered Zero Days were covered
86.4% of the Zero days can be fixed using SanerNow (except Mobile and Network devices)
1.1+ billion scans performed in 2022
99.999645% scan accuracy rate achieved
- 21. ACHIEVE CYBER HYGIENE
TRY SANERNOW FREE
For enquiries, contact us at:
Email: info@secpod.com | Tech Support: support@secpod.com
Phone: (+1) 918 625 3023 (US) | (+91) 80 4121 4020 (IN)
WWW.SECPOD.COM
To request a free trial account, visit our website or email us at info@secpod.com