"Nearly Two-Thirds of CVEs Are Low Complexity"
Researchers at Redscan have analyzed 18,000+ Common Vulnerabilities and Exposures (CVEs) recorded in NIST's National Vulnerability Database (NVD). The researchers found that there were more CVEs reported in 2020 than any year previously. Over half (57%) of vulnerabilities in 2020 were classified as "critical' or "high" severity, amounting to over 10,300 CVEs. The researchers also found that 63% of the total number disclosed in 2020 were classed as "low complexity," which means an attacker with low technical skills could exploit them. The number of vulnerabilities classed as "low complexity" has been on the rise since 2017, after mainly falling between 2001 and 2014, according to the researchers. The vulnerabilities that require no user interaction to exploit are also on the rise, representing 68% of all CVEs recorded in 2020.
Infosecurity reports: "Nearly Two-Thirds of CVEs Are Low Complexity"