1、 This document is marked TLP:CLEAR.Disclosure is not limited.Sources may use TLP:CLEAR when information carries minimal or no foreseeable risk of misuse,in accordance with applicable rules and procedures for public release.Subject to standard copyright rules,TLP:CLEAR information may be distributed

2、without restriction.For more information on the Traffic Light Protocol,see http:/www.cisa.gov/tlp.Light Protocol,see cisa.gov/tlp.TLP:CLEAR TLP:CLEAR Co-Authored by:Product ID:AA24-317A 2023 Top Routinely Exploited Vulnerabilities Summary The following cybersecurity agencies coauthored this joint Cy

3、bersecurity Advisory(hereafter collectively referred to as the authoring agencies):United StatesUnited States:The Cybersecurity and Infrastructure Security Agency(CISA),the Federal Bureau of Investigation(FBI),and National Security Agency(NSA)AustraliaAustralia:Australian Signals Directorates Austra

4、lian Cyber Security Centre(ACSC)CanadaCanada:Canadian Centre for Cyber Security(CCCS)New ZealandNew Zealand:New Zealand National Cyber Security Centre(NCSC-NZ)and Computer Emergency Response Team New Zealand(CERT NZ)United KUnited Kingdomingdom:National Cyber Security Centre(NCSC-UK)This advisory pr

5、ovides details,collected and compiled by the authoring agencies,on the Common Vulnerabilities and Exposures(CVEs)routinely and frequently exploited by malicious cyber actors in 2023 and their associated Common Weakness Enumerations(CWEs).Malicious cyber actors exploited more zero-day vulnerabilities

6、 to compromise enterprise networks in 2023 compared to 2022,allowing them to conduct operations against high priority targets.The authoring agencies strongly encourage vendors,designers,developers,and end-user organizations to implement the following recommendations,and those found within the Mitiga