It seems like threat actors everywhere could detect my impatience last month when I wrote that not much had changed among the 70-odd CVEs that we track for attack trends, because last month they did something. Actually, to be more precise, they stopped doing some things. This is the first month since September 2022 that CVE-2020-8958, the GPON router OS command injection flaw, was not the top-targeted CVE. Let’s see what CVE took its spot, and which other CVEs changed in July.

July Vulnerabilities by the Numbers

Figure 1 shows the volume of attack traffic for the top ten vulnerabilities in July. In place of CVE-2020-8958, CVE-2017-9841, a remote code execution vulnerability in PHPUnit, took the top spot. We also added a new CVE to our signatures in July, which promptly landed in the fifth spot for the month: CVE-2022-42475, a buffer overflow vulnerability in various versions of Fortigate’s FortiOS and FortiProxy SSL VPNs.