The Canadian Centre for Cyber Security (Cyber Centre), a part of CSE, joined the following international partners in issuing a joint publication highlighting the most common vulnerabilities and exposures that were routinely and frequently exploited by malicious actors in 2022:
- Cybersecurity and Infrastructure Security Agency (CISA)
- National Security Agency (NSA)
- Federal Bureau of Investigation (FBI)
- Australian Cyber Security Centre (ACSC)
- New Zealand National Cyber Security Centre (NCSC-NZ)
- Computer Emergency Response Team New Zealand (CERT NZ)
- National Cyber Security Centre (NCSC-UK)
This advisory provides details on the Common Vulnerabilities and Exposures (CVEs), or publicly disclosed computer security flaws, routinely and frequently exploited by malicious cyber actors in 2022, and the associated Common Weakness Enumeration(s) (CWE). CWE is a system to categorize software and hardware security flaws, or frequently observed implementation defects that can lead to vulnerabilities.
In 2022, malicious cyber actors exploited larger numbers of older software vulnerabilities to target unpatched, internet-facing systems, rather than recently disclosed vulnerabilities. This advisory includes the top 12 vulnerabilities that the Cyber Centre and its co-authors observed being exploited that year.
Vendors, designers and developers are encouraged to adopt the measures detailed in the advisory to ensure that their products are secure by design and default. End-user organizations are strongly encouraged to implement the mitigation measures within the advisory to reduce the risk of compromise by malicious cyber actors.
Read the 2022 Top routinely exploited vulnerabilities.