For all the zero-days, custom-crafted malware and other completely unknown security vulnerabilities, others have been around for years and are widely used across the board. To showcase this, the fbi (United States Federal Bureau of Investigation), CISA (United States cybersecurity and infrastructure security agency), ACSC (Australian Cyber Security Centre) and NCSC (United Kingdom National Cyber Security Centre) issued a Joint Cybersecurity Advisory. In this Advisory, they broke down the top 30 vulnerabilities used in 2020 and 2021.
Many of these vulnerabilities have been around for years, despite the manufacturer’s and developers’ best efforts. As shown by the “PrintNightmare” vulnerability in Microsoft’s Print Spooler, for example, just because something is known does not mean that it is easily eliminated.
It’s very important to remember while going down this list that every vulnerability in this article is either considered “critical” at some point, and they all have been used extensively. Therefore the major takeaway from all of this is that if you’re using a product listed here, make sure you’re patched immediately.
The FTA server mentioned here is primarily used for transferring very large files. The program itself has been updated over 20 years and has been in sunset status since 2018.