The 2020 Vulnerability Intelligence Report examines 50 vulnerabilities from 2020 to highlight exploitation patterns, explore attacker use cases, and offer a practical framework for understanding new security threats as they arise. Every CVE in the report's dataset has a defined threat status (including whether actively exploited vulnerabilities were exploited widely or in a more limited, targeted fashion), vulnerability class, and attacker utility. Report findings and data include:
- 14 vulnerabilities that became widespread threats and posed substantial risks to organizations of all sizes in 2020
- Nine vulnerabilities that functioned as network pivots and provided opportunities for external attackers to gain internal network access by exploiting VPNs, firewalls, or other internet-facing technologies
- A look at exploitability trends across vulnerability classes
- An evaluation of prominent patch bypasses or incomplete patches, the majority of which circumvent fixes for known-exploited or high-value parent vulnerabilities
- A spotlight section on vulnerability suites affecting operational technology (OT) and Internet of Things (IoT) technologies co-authored by Rapid7’s partners at SCADAfence
Read the full report here to explore widespread, targeted, and impending threats from 2020.