37.3% of Vulnerabilities in 2019 Had Available Exploit Code or a Proof of Concept
February 18, 2020 • RBS
Today we released our 2019 Year End Vulnerability QuickView Report, which covers the trends in the computer vulnerability disclosure landscape. Our VulnDB team aggregated 22,316 newly disclosed vulnerabilities during 2019, finding that 37.26% had available exploit code or a Proof of Concept and that 33.43% of all vulnerabilities in 2019 had a CVSSv2 score of 7.0 and above.
| IN THE NEWS | |
|---|---|
| HelpNet Security | A third of all vulnerabilities in 2019 had a CVSS v2 score of 7.0 and above |
| Security Week | Over 22,000 Vulnerabilities Disclosed in 2019: Report |
Risk Based Security also identified a total of 302 vulnerabilities in Electronic Voting Machines (EVMs), 289 of which have no known solution.
“As with any device that relies on code, there are vulnerabilities that can affect the system’s integrity and you don’t want anyone tampering with them. Only 13 EVM vulnerabilities have a known solution. To make matters worse, of those, only one has a CVE ID assigned and can be found cataloged in the U.S. National Vulnerability Database.
EVMs with vulnerabilities have been used in past elections, and will no doubt be used again in our next elections. It doesn’t matter what politics or beliefs you subscribe to; the essence of democracy is a free, fair and secure election that captures the will of the people. The lack of visibility on this issue should be of deep concern to every American.”
Brian Martin, VP of Vulnerability Intelligence, Risk Based Security
The full research is highlighted in the just-released 2019 Year End Vulnerability QuickView Report. Additional key findings address the increasing number of vulnerability disclosures released on the same day due to “Patch Tuesday”. Despite initial good intentions, “Patch Tuesday” is turning into a nightmare for many organizations, with 2019 reaching an all-time high of 327 vulnerabilities disclosed in a single day.
About the QuickView Report and VulnDB
The quarterly Vulnerability QuickView report is a service of VulnDB, which is the world’s most comprehensive, detailed and timely source of vulnerability intelligence and third-party library monitoring.
It provides actionable intelligence about the latest in security vulnerabilities through an easy-to-use SaaS portal, RESTful APIs, and e-mail alerting. Leveraging VulnDB is simpler than ever with our connectors to Splunk, RSA Archer, ServiceNow, GitHub, Polarity, Brinqa, Device42, Recorded Future, and more.