It's official — FBI, CISA, and NSA reveal the most exploited vulnerabilities of 2023

A women eye in the background with the UK, US, Canada, Australian and NZ flag as the symbol of the Five-eyes agreement

(Image credit: Shutterstock)

Five Eyes alliance has revealed the most exploited vulnerabilities of 2023
Zero-day exploits were the primary concern, with CVE-2023-3519 was at the top of the list
Businesses urged to patch as soon as possible to stay safe

The Five Eyes intelligence alliance has revealed the most routinely exploited vulnerabilities for 2023. The joint advisory, made with contributions from agencies in the US, UK, Australia, New Zealand, and Canada, has called for organizations to patch the security flaws to mitigate network exposure.

The agencies confirmed what many in the industry will know all too well, that threat actors focus their attacks on zero-day attacks, with 12 out of the top 15 exploited vulnerabilities initially exploited as a zero-day.

“In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets,” the advisory warned.

Injections and escalations

The top vulnerability for 2023 was CVE-2023-3519, a code injection in NetScaler ADC/Gateway using Citrix as the vendor, which was the tactic used in critical infrastructure attacks in the US last year, and had a severity rating of 9.8, making it a critical flaw.

Another high severity flaw in the top three, CVE-2023-20198, was one that Cisco issued a patch for in October 2023, which allowed attackers to create accounts on affected devices with privileged access, gaining full control over the device.

The agencies, as always, strongly encouraged end-user organizations to continually update software and applications, implement a robust patch management process, and perform regular secure systems backups to ensure your company stays safe against cyberattacks.

“Malicious cyber actors continue to have the most success exploiting vulnerabilities within two years after public disclosure of the vulnerability," the advisory warned,

“The utility of these vulnerabilities declines over time as more systems are patched or replaced. Malicious cyber actors find less utility from zero-day exploits when international cybersecurity efforts reduce the lifespan of zero-day vulnerabilities.”

Take a look at our pick of the best antivirus removal software
Five Eyes alliance seizes control of extensive spy tech network used by China
Check out our choices for best ransomware protection tools around

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.