Another interesting aspect of Figure 3 is identifying when vulnerabilities drop off for periods of time. In October we identified two recently released vulnerabilities, CVE-2022-40684 and CVE-2022-41040, in our logs. Both are severe vulnerabilities; CVE-2022-40684, an authentication bypass vulnerability in various Fortinet security appliances, has a CVSS 3.1 score of 9.8, and CVE-2022-41040, an escalation of privilege vulnerability in Microsoft Exchange Server, has a CVSS 3.1 score of 8.8. CVE-2022-41040, the Exchange Server vulnerability, did not recur in our logs in November (which is good news), whereas CVE-2022-40684 increased in volume by nearly 80 percent (bad news). Owners of vulnerable Fortinet systems should take note and patch aggressively due to this growth in interest. We note that while attention on the other significant Fortinet vulnerability here, CVE-2018-13379, was nearly sixfold the traffic looking for CVE-2022-40684, CVE-2018-13379 is beginning to decline in prominence, so if the current trends continue, the more recent Fortinet vulnerability will eventually supersede it.

Conclusions

As ever, the number one conclusion from the Sensor Intel Series remains constant: patch if you’re vulnerable. Even the low-traffic vulnerabilities on this list have a demonstrated amount of attacker intent, which places them in the minority of vulnerabilities.

Furthermore, significant growth in CVE-2020-8958, alongside the recent addition of CVE-2014-2908 to our logs, should serve as a reminder about the relationship between IoT vulnerabilities and botnets for DDoS. This means that there is another recommendation for all organizations, irrespective of whether their footprint contains any of these vulnerabilities: plan for future DDoS attacks.