A total of 26,447 vulnerabilities were disclosed in 2023, surpassing the previous year by over 1500 CVEs.
The figures come from the latest report by the Qualys Threat Research Unit (TRU), published today.
Notably, less than 1% of these vulnerabilities posed the highest risk, being actively exploited in the wild by ransomware, threat actors and malware.
Key findings revealed that 97 high-risk vulnerabilities, likely to be exploited, were not part of the CISA Known Exploited Vulnerabilities catalog. Additionally, 25% of high-risk vulnerabilities were exploited the same day they were published.
The deep dive into the vulnerability threat landscape also highlighted that over 7000 vulnerabilities had proof-of-concept exploit code, while 206 had weaponized exploit code, increasing the likelihood of successful compromises.
The report revealed that 32.5% of high-risk vulnerabilities affected network devices and web applications, emphasizing the need for a comprehensive vulnerability management strategy.
The Qualys TRU also shed light on the mean time to exploit high-risk vulnerabilities in 2023, standing at 44 days.
Top MITRE ATT&CK tactics and techniques used in exploits include the exploitation of remote services, public-facing applications and privilege escalation.
No tags.
