
'Critical' bugs and 'no interaction' exploits are becoming more common


A greater number of high severity vulnerabilities were identified in 2020 than ever before, according to a new report from security company Redscan.

Of a total of 18,000 vulnerabilities recorded last year, more than 10,000 were classified as high severity, an all-time high. The report further claims that low-complexity vulnerabilities, which accounted for 63 percent of all flaws, and those that require no user interaction to be exploited (68 percent) are also on the rise.

This is serious cause for concern, Redscan suggests. To mitigate the threat, organizations need to focus their attention on patch management and adopt a multi-layered approach to how they manage software vulnerabilities.

The good news is that bugs that can be exploited without user privileges are dwindling, falling from 71 percent in 2016 to 58 percent in 2020.

“When analyzing the potential risk that vulnerabilities pose, organizations must consider more than just their severity score. Many CVEs are never or rarely exploited in the real world because they are too complex or require attackers to have access to high level privileges,” said George Glass, Head of Threat Intelligence at Redscan.

“Underestimating what appear to be low risk vulnerabilities can leave organizations open to ‘chaining’, in which attackers move from one vulnerability to another to gradually gain access at increasingly critical stages.”

The report also states that there has been a “large spike” in physical and adjacent vulnerabilities, which Redscan attributes to the increasing adoption of IoT and smart devices.
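The categories the report tallies (low attack complexity, no user interaction, no privileges required, and physical or adjacent attack vector) are base-metric values in a CVSS v3.x vector string. The following Python example is added here and is not code from the report or the article: it parses such vectors, tallies a constructed sample feed the same way, and flags the combination Glass's comment points at (severity alone is not the whole picture). The `VULN-*` labels are placeholders, not real CVE ids.

```python
"""Classify CVSS v3.x vectors by the exploitability metrics discussed above."""
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample feed: (placeholder label, CVSS v3.1 vector). Not real CVEs.
SAMPLE_FEED: List[Tuple[str, str]] = [
    ("VULN-A", "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"),
    ("VULN-B", "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"),
    ("VULN-C", "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"),
    ("VULN-D", "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"),
    ("VULN-E", "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"),
]

FLAGS = ("low_complexity", "no_user_interaction", "no_privileges", "physical_or_adjacent")


def parse_vector(vector: str) -> Dict[str, str]:
    """Turn 'CVSS:3.1/AV:N/AC:L/...' into a metric->value map; reject non-v3 or incomplete input."""
    prefix, _, body = vector.partition("/")
    if not prefix.startswith("CVSS:3."):
        raise ValueError(f"not a CVSS v3.x vector: {vector!r}")
    metrics = dict(part.split(":", 1) for part in body.split("/") if ":" in part)
    for required in ("AV", "AC", "PR", "UI"):
        if required not in metrics:
            raise ValueError(f"missing base metric {required} in {vector!r}")
    return metrics


def classify(vector: str) -> Dict[str, bool]:
    """Map one vector onto the four categories the report counts."""
    m = parse_vector(vector)
    return {
        "low_complexity": m["AC"] == "L",          # Attack Complexity: Low
        "no_user_interaction": m["UI"] == "N",     # User Interaction: None
        "no_privileges": m["PR"] == "N",           # Privileges Required: None
        "physical_or_adjacent": m["AV"] in ("P", "A"),  # Attack Vector: Physical/Adjacent
    }


def tally(feed: List[Tuple[str, str]]) -> Dict[str, float]:
    """Percentage of the feed falling into each category, as in the report's figures."""
    counts: Counter = Counter()
    for _, vector in feed:
        counts.update(flag for flag, hit in classify(vector).items() if hit)
    return {flag: round(100.0 * counts[flag] / len(feed), 1) for flag in FLAGS}


def remotely_trivial(vector: str) -> bool:
    """Network-reachable, low complexity, no privileges, no user interaction: patch these first
    regardless of where the severity score alone would rank them."""
    m = parse_vector(vector)
    return (m["AV"], m["AC"], m["PR"], m["UI"]) == ("N", "L", "N", "N")


if __name__ == "__main__":
    print(tally(SAMPLE_FEED))
    print([label for label, v in SAMPLE_FEED if remotely_trivial(v)])
```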