Top 15 Exploited Vulnerabilities Listed by CISA

The advisory details top exploits and offers general mitigations to help reduce your risk.

Attackers are increasingly using zero-day vulnerabilities to compromise enterprise networks, according to a new report listing the top exploits to watch out for.

The 2023 Top Routinely Exploited Vulnerabilities advisory – jointly released by CISA, NSA, and other agencies – details the top 15 Common Vulnerabilities and Exposures (CVEs) from 2023. Of the 15 CVEs on the list, 11 were initially exploited as zero-day vulnerabilities, compared with only two from the previous year’s report.

The top five routinely exploited vulnerabilities are:

  • CVE-2023-3519: Affects Citrix NetScaler ADC and NetScaler Gateway; allows an unauthenticated user to cause a stack buffer overflow in the NSPPE process using an HTTP GET request.
  • CVE-2023-4966: Affects Citrix NetScaler ADC and NetScaler Gateway; allows session token leakage.
  • CVE-2023-20198: Affects Cisco IOS XE Web UI; allows unauthorized users to gain initial access and create a local user and password combination, then log in with normal user access.
  • CVE-2023-20273: Affects Cisco IOS XE; when chained with the previous exploit, allows privilege escalation to root privileges.
  • CVE-2023-27997: Affects Fortinet FortiOS and FortiProxy SSL-VPN; allows a remote user to craft specific requests to execute arbitrary code or commands.

The report also includes a section on mitigations, which outlines recommended steps to reduce the risk of compromise, such as:

  • Update software, operating systems, applications, and firmware in a timely manner.
  • Routinely perform automated asset discovery.
  • Implement a robust patch management process.
  • Document secure baseline configurations for all IT/OT components.
  • Perform regular secure system backups.
  • Enforce phishing-resistant multi-factor authentication (MFA) for all users.
  • Regularly review, validate, or remove unprivileged accounts.
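As an added illustration of the asset-discovery and patch-management items above (this is not code from the advisory or from this article), the following Python script cross-references a constructed asset inventory against the five CVEs listed earlier on this page. Affected version ranges are not given here, so the script flags assets by vendor and product only and defers the version check to the vendor advisory; it also notes where two listed CVEs form the chain the article describes. The inventory format, hostnames and versions are assumptions.

```python
"""Cross-reference an asset inventory against the advisory's top-five CVEs.

Hypothetical helper, not part of the CISA advisory or this article. The
CVE-to-product mapping is taken from the article's list; the inventory
format and all sample data below are constructed for the example.
"""
from dataclasses import dataclass
from typing import Dict, List

# CVE -> (vendor, product keywords) as described in the article's top-five list.
# Version ranges are deliberately absent: they are not on this page, so the
# report sends the reader to the vendor advisory for that check.
ADVISORY_TOP5 = {
    "CVE-2023-3519": ("Citrix", ("netscaler adc", "netscaler gateway")),
    "CVE-2023-4966": ("Citrix", ("netscaler adc", "netscaler gateway")),
    "CVE-2023-20198": ("Cisco", ("ios xe",)),
    "CVE-2023-20273": ("Cisco", ("ios xe",)),
    "CVE-2023-27997": ("Fortinet", ("fortios", "fortiproxy")),
}

# Exploit chain named in the article: initial-access CVE -> follow-on CVE.
CHAINS = {"CVE-2023-20198": "CVE-2023-20273"}


@dataclass(frozen=True)
class Asset:
    hostname: str
    vendor: str
    product: str
    version: str


def parse_inventory(text: str) -> List[Asset]:
    """Parse 'hostname,vendor,product,version' lines; '#' starts a comment."""
    assets = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 4:
            raise ValueError(f"malformed inventory line: {line!r}")
        assets.append(Asset(*fields))
    return assets


def cves_for(asset: Asset) -> List[str]:
    """Return the listed CVEs whose vendor and product keywords match the asset."""
    product = asset.product.lower()
    hits = [
        cve
        for cve, (vendor, keywords) in ADVISORY_TOP5.items()
        if asset.vendor.lower() == vendor.lower()
        and any(keyword in product for keyword in keywords)
    ]
    return sorted(hits)


def match_inventory(assets: List[Asset]) -> Dict[str, List[str]]:
    """Map each hostname to its matching CVEs, omitting assets with none."""
    matched = {}
    for asset in assets:
        cves = cves_for(asset)
        if cves:
            matched[asset.hostname] = cves
    return matched


def chained_cves(cves: List[str]) -> List[str]:
    """Follow-on CVEs that appear together with their initial-access precursor."""
    present = set(cves)
    return sorted(
        follow for first, follow in CHAINS.items()
        if first in present and follow in present
    )


def build_report(inventory_text: str) -> List[str]:
    """Produce one line per affected asset, plus a note for each exploit chain."""
    lines = []
    for host, cves in match_inventory(parse_inventory(inventory_text)).items():
        lines.append(f"{host}: check vendor advisory for {', '.join(cves)}")
        for follow in chained_cves(cves):
            lines.append(
                f"  note: {follow} chains with its initial-access CVE; "
                f"treat both as one intrusion path when triaging"
            )
    return lines


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = """
# hostname,vendor,product,version
vpn-edge-01,Citrix,NetScaler Gateway,13.1
core-rtr-07,Cisco,IOS XE,17.6
fw-dc-02,Fortinet,FortiOS,7.0
web-app-03,Ubuntu,Linux,22.04
"""

if __name__ == "__main__":
    print("\n".join(build_report(SAMPLE_INVENTORY)))
```

The match is intentionally coarse: a product-name hit means "go read the vendor advisory and compare versions", not "confirmed vulnerable". For CVE-2023-20198 the real exposure condition is the IOS XE Web UI being reachable, which an inventory line alone cannot tell you, so that check belongs in the follow-up, not in this script.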

Please refer to the advisory for the complete list of vulnerabilities and other information.
12/03/2024
