2023 Top Routinely Exploited V... Note

2023 Top Routinely Exploited Vulnerabilities

In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks, allowing them to conduct operations against higher-priority targets. The majority of the most frequently exploited vulnerabilities were initially exploited as zero-day vulnerabilities, which is an increase from 2022. The authoring agencies, including CISA, FBI, NSA, ACSC, CCCS, NCSC-NZ, and CERT NZ, developed this joint Cybersecurity Advisory to provide details on the top 15 vulnerabilities exploited by malicious cyber actors in 2023. These vulnerabilities include code injection, buffer overflow, privilege escalation, command injection, SQL injection, broken access control, remote code execution, improper input validation, and information disclosure. The advisory also provides recommendations for vendors, designers, developers, and end-user organizations to reduce the risk of compromise by malicious cyber actors.