AdvisoryAdvisoriesCISAAA23-215A

August 3, 2023

2022 Top Routinely Exploited Vulnerabilities

August 3, 2023

What we know so far

This advisory highlights the Common Vulnerabilities and Exposures (CVEs) that were frequently exploited by malicious cyber actors in 2022, with a particular emphasis on older software vulnerabilities and unpatched, internet-facing systems. The authoring agencies strongly recommend vendors, designers, developers, and end-user organizations to follow the suggested mitigations. For vendors and developers, this involves implementing secure-by-design principles and adhering to the Secure Software Development Framework (SSDF) throughout the software development life cycle. Additionally, end-user organizations are advised to apply timely patches, employ a centralized patch management system, and use security tools to enhance product security and protect against cyber threats.

Arrow Right

Schedule a test

Subscribe to advisory alerts

Be immediately notified of new advisories and associated security tests

More advisories