Security News > 2023 > March > 15 million public-facing services vulnerable to CISA KEV flaws

15 million public-facing services vulnerable to CISA KEV flaws
2023-03-31 19:23

Over 15 million publicly facing services are susceptible to at least one of the 896 vulnerabilities listed in CISA's KEV catalog.

Using these custom search queries, the researchers found 15 million instances vulnerable to 200 CVEs from the catalog.

"Overall, over 4.5 million internet-facing devices were identified as vulnerable to KEVs discovered between 2010 and 2020," comments Rezilion in the report.

CVE-2021-40438: medium-severity information disclosure flaw appearing in almost 6.5 million Shodan results, impacting Apache HTTPD servers v2.4.48 and older.

There are still 4,990 systems vulnerable to ProxyLogon, according to Shodan, with 584 located in the U.S. HeartBleed: medium-severity flaw impacting OpenSSL, allowing attackers to leak sensitive information from a process memory.

CISA warns of critical VMware RCE flaw exploited in attacks.


News URL

https://www.bleepingcomputer.com/news/security/15-million-public-facing-services-vulnerable-to-cisa-kev-flaws/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2021-09-16 CVE-2021-40438 Server-Side Request Forgery (SSRF) vulnerability in multiple products
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.
9.0