Hundreds of thousands of internet-accessible hosts are potentially exposed to exploits targeting the top routinely exploited vulnerabilities of 2023, VulnCheck reports.

Released last week, the list of 2023’s top exploited vulnerabilities identifies 15 security defects in Apache, Atlassian, Barracuda, Citrix, Cisco, Fortinet, Microsoft, Progress, PaperCut, and Zoho products, and draws attention to 32 other bugs that threat actors were seen frequently exploiting in the wild.

Of the 15 top flaws on the list, eight were exploited as zero-days, some for months before patches were released, while exploitation of four others started within days after public disclosure. Only three were years-old vulnerabilities that threat actors continue to exploit.

According to a new VulnCheck report, these vulnerabilities are ripe for targeting due to a large number of public proof-of-concept (PoC) exploits available and because there are roughly 400,000 internet-accessible systems potentially exposed to attacks.

There are more than 8 public exploits available for 14 of the flaws on the list, and the infamous Log4Shell bug tops the list with over 100 public exploits, followed by Zerologon with 75 exploits.

“At least one PoC was accessible before or on the same day the first evidence of exploitation was publicly disclosed” for these 14 bugs, VulnCheck says.

For 13 of the issues, weaponized exploits exist in the wild, and VulnCheck notes that 5 were weaponized before any public evidence of exploitation.

A look at the malicious activity associated with the list shows that 15 threat actors exploiting them are linked to China, nine with Russia, eight with Iran, three with North Korea, and one with Turkey, while 24 others are of unknown origin.

“We identified 60 named threat actors associated with at least one of the CVEs in CISA’s 2023 list. 13 out of 15 CVEs in the report have named threat actors tied to them. The two CVEs without a threat actor attributed were associated with OwnCloud GraphAPI and Barracuda ESG,” VulnCheck notes.

Using its own detection artifacts, VulnCheck identified roughly 400,000 potentially vulnerable hosts exposed to the internet, with half of them being Fortinet FortiOS appliances. Cisco IOS XE accounted for 92,000 instances, Apache Log4j for 65,000, Citrix Netscaler for 24,000, and OwnCloud GraphAPI for 18,000.

“Organizations should evaluate their exposure to these technologies, enhance visibility into potential risks, leverage robust threat intelligence, maintain strong patch management practices, and implement mitigating controls, such as minimizing internet-facing exposure of these devices wherever possible,” VulnCheck notes.

Related: Oracle Patches Exploited Agile PLM Zero-Day

Related: Citrix, Cisco, Fortinet Zero-Days Among 2023’s Most Exploited Vulnerabilities

Related: Safari 15 Vulnerability Allows Cross-Site Tracking of Users

Related: OpenOffice Vulnerability Exposes Users to Code Execution Attacks

Related: D-Link Warns of RCE Vulnerability in Legacy Routers