Vulnerability Intel Report

Security, IT, and other teams tasked with vulnerability management and risk reduction frequently operate in high-urgency, high-stakes environments.

Rapid7's 2020 Vulnerability Intelligence Report examines 50 vulnerabilities from 2020 to highlight exploitation patterns, explore attacker use cases, and offer a practical framework for understanding new security threats as they arise. Every CVE in this report dataset includes a defined threat status (including whether actively exploited vulnerabilities were exploited widely or in a more limited, targeted fashion), vulnerability class, and attacker utility.

Report Snap Shot

Report findings and data include:

• 14 vulnerabilities that became widespread threats and posed substantial risks to organizations of all sizes in 2020
• Nine vulnerabilities that functioned as network pivots and provided opportunities for external attackers to gain internal network access by exploiting VPNs, firewalls, or other internet-facing technologies
• A look at exploitability trends across vulnerability classes
• An evaluation of prominent patch bypasses or incomplete patches, the majority of which circumvent fixes for known-exploited or high-value parent vulnerabilities
• A spotlight section on vulnerability suites affecting operational technology (OT) and Internet of Things (IoT) technologies co-authored by Rapid7’s partners at SCADAfence

Read the full report here to explore widespread, targeted, and impending threats from 2020.