CISA Alert: Top Routinely Exploited Vulnerabilities


Last updated on: December 20, 2022

On July 28, 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a cybersecurity advisory detailing the top 30 publicly known vulnerabilities that have been routinely exploited by cyber threat actors in 2020 and 2021. Organizations are advised to prioritize and apply patches or workarounds for these vulnerabilities as soon as possible.

The advisory states, “If an organization is unable to update all software shortly after a patch is released, prioritize implementing patches for CVEs that are already known to be exploited or that would be accessible to the largest number of potential attackers (such as internet-facing systems).”

CISA released the advisory in conjunction with the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S. Federal Bureau of Investigation (FBI).

The CISA advisory is similar in scope to the October 2020 United States National Security Agency (NSA)  cybersecurity advisory listing the top 25 known vulnerabilities being actively used by Chinese state-sponsored cyber actors that security teams can detect and mitigate or remediate in their infrastructure using Qualys VMDR.

Top Routinely Exploited Vulnerabilities

Here is the list of top routinely exploited vulnerabilities in 2020 and 2021 along with affected products and associated Qualys VMDR QID(s) for each vulnerability.

CVE-IDsAffected ProductsQualys Detections (QIDs)
CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065Microsoft Exchange50107, 50108
CVE-2021-22893, CVE-2021-22894, CVE-2021-22899, CVE-2021-22900Pulse Secure38838
CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104Accellion38830
CVE-2021-21985VMware730102, 216261, 216260, 216259
CVE-2018-13379, CVE-2020-12812, CVE-2019-5591Fortinet  43702, 43769, 43825
CVE-2019-19781Citrix150273, 372305, 372685
CVE-2020-5902F5- Big IP38791, 373106
CVE-2018-7600Drupal371954, 150218, 277288, 176337, 11942
CVE-2019-18935Telerik150299, 372327

Detect CISA’s Top Routinely Exploited Vulnerabilities using Qualys VMDR

Qualys released several remote and authenticated detections (QIDs) for the vulnerabilities. You can search for these QIDs in VMDR Dashboard using the following QQL query:

vulnerabilities.vulnerability.cveIds: [`CVE-2021-26855`,`CVE-2021-26857`,`CVE-2021-26858`,`CVE-2021-27065`,`CVE-2021-22893`,`CVE-2021-22894`,`CVE-2021-22899`,`CVE-2021-22900`,`CVE-2021-27101`,`CVE-2021-27102`,`CVE-2021-27103`,`CVE-2021-27104`,`CVE-2021-21985`,` CVE-2018-13379`,`CVE-2020-12812`,`CVE-2019-5591`,`CVE-2019-19781`,`CVE-2019-11510`,`CVE-2018-13379`,`CVE-2020-5902`,`CVE-2020-15505`,`CVE-2017-11882`,`CVE-2019-11580`,`CVE-2019-18935`,`CVE-2019-0604`,`CVE-2020-0787`,`CVE-2020-1472`]

Using Qualys VMDR, customers can effectively prioritize this vulnerability for “Active Attack” RTI:

With VMDR Dashboard, you can track top 30 publicly known exploited vulnerabilities, their impacted hosts, their status and overall management in real time. With trending enabled for dashboard widgets, you can keep track of these vulnerabilities trends in your environment using the “CISA: Alert (AA21-209A) | Top Exploited” dashboard.


As guided by CISA, one must do the following to protect assets from being exploited:

  • Minimize gaps in personnel availability and consistently consume relevant threat intelligence.
  • Organizations’ vigilance team should keep a close eye on indications of compromise (IOCs) as well as strict reporting processes.
  • Regular incident response exercises at the organizational level are always recommended as a proactive approach.
  • Organizations should require multi-factor authentication to remotely access networks from external sources, especially for administrator or privileged accounts.
  • Focus cyber defense resources on patching those vulnerabilities that cyber actors most often use.

Remediation and Mitigation

  • Patch systems and equipment promptly and diligently.
  • Implement rigorous configuration management programs.
  • Disable unnecessary ports, protocols, and services.
  • Enhance monitoring of network and email traffic.
  • Use protection capabilities to stop malicious activity.

Get Started Now

Start your Qualys VMDR trial to automatically detect and mitigate or remediate the CISA top 30 publicly known vulnerabilities that have been routinely exploited by cyber threat actors in 2020 and 2021.

Show Comments (3)


Your email address will not be published. Required fields are marked *