A Third of 2018’s Vulnerabilities Have Public Exploits, 50% Can Be Exploited Remotely
Over 22,000 new vulnerabilities were disclosed during 2018, according to Risk Based Security’s 2018 Year End Vulnerability QuickView Report. While approximately 33% of published vulnerabilities received a CVSSv2 score of 7 or above, the number of vulnerabilities scoring 9 or above declined for the third year in a row.
The report confirms that CVE/National Vulnerability Database (NVD) continues to face challenges staying up to date with the relentless pace of new disclosures. The research team at Risk Based Security (RBS) catalogued 6,780 more vulnerabilities than CVE/NVD. This is notable as it represents nearly 31% of all the published vulnerabilities in 2018.
The report also shows that 32.7% of 2018’s vulnerabilities have public exploits and 50.5% can be exploited remotely, meaning that few of the reported vulnerabilities require any type of physical proximity to a system or a device to be exploited. Another revealing finding: 27.1% of vulnerabilities had no known solution, which unfortunately is up 5% from 2017 based on current data. And for those following the hot topic of bug bounty programs, almost 8% of vulnerabilities were coordinated through bug bounty programs – a solid increase from the 5.8% last year.
Read more: Help Net Security