Concerned about recent PAN-OS and other firewall/VPN CVEs? Take advantage of Zscaler’s special offer today

Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Products & Solutions

2021 “Exposed” Report – An Exposé on the True Corporate Network Attack Surface

June 15, 2021 - 4 min read

Exposure noun

ex·​po·​sure |  \ ik-ˈspō-zhər
a: the condition of being made known
b: the condition of being unprotected
c: the condition of being subject to some effect
d: the condition of being at risk of financial loss
e: all of the above

The word “exposure” has come up a lot over the last year, especially with regard to our physical health, but also the health of our corporate networks. In fact, these two realms of exposure are more closely related than we may have previously thought.

As COVID-19 has forced many organizations to declare WFH orders to limit exposure to employees, remote work has increased the exposure to corporate networks due to the heavy reliance on the internet as the connective means for the business.

Cybercriminals have been quick to take advantage of this exposure and are exploiting the fact that remote access has created opportunities to target remote workers, their devices, and the tools they use to access the internet, applications, and critical business systems while away from the office. This increase in VPN, RDP, and network-focused attacks puts businesses at risk, as direct access to the corporate network enables cybercriminals to move laterally throughout an organization’s infrastructure.

The conversation of exposure and attack surface is one that IT and security teams must face head-on to address the expanding attack surface and seek to minimize exposure. But how exposed are corporate networks? The 2021 “Exposed” report answers this question for the first time as it analyzes the visible attack surface of more than 1,500 organizations over the last year, uncovering attack surface trends affecting businesses of all sizes across all geographies and industries.

While you can access the full report here, we wanted to highlight three interesting discoveries we found:

1. Most attack surface is the result of server and port exposure

The highest level of exposure we found came from servers, with 392,298 servers that were discoverable on the internet and possibly vulnerable. Our findings indicate that a total of 68 unique ports were discoverable and were exposed 214,230 times across all exposed servers.

The most exposed ports were:

port exposure


2. CVE vulnerabilities present huge potential risk  

CVE vulnerabilities

We uncovered 202,316 potential CVE vulnerabilities and identified 750 unique exploits across the attack surfaces of these 1,500+ businesses. These numbers result in an average of 135 potential CVE vulnerabilities per company, with 49 percent of them considered “Critical” or “High” in severity.

The three most common CVE vulnerabilities are:

CVE-2018-1312 – CRITICAL – 6.8 CVSS Score

In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply-attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.

CVE-2017-7679 – CRITICAL – 7.5 CVSS Score

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious content-type response header.

CVE-2019-0220 – MEDIUM – 5.0 CVSS Score

A vulnerability was found in the Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions, while other aspects of the server’s processing will implicitly collapse them.

Are you exposed?

> Find out now with our free attack surface analysis.


3. Public cloud contributes to exposure, too

The massive shift to work from home has led to a lot of companies relying on cloud services and platforms in order to quickly scale with minimal downtime. Based on our analysis, we discovered 60,572 exposed instances, which averages out to about forty exposure per company monitored. Here’s the breakdown of exposure across some of the top cloud platforms:

cloud exposure


Minimizing your attack surface is an imperative

While the “Exposed” report provides the world’s first view on how exposed corporate networks really are, it’s up to IT and security teams to take steps towards minimizing attack surface. This is just a small glimpse into our findings. See how your company’s attack surface compares to industry peers and get the full report here:

> Download report 

> Measure your attack surface


form submtited
Thank you for reading

Was this post useful?

dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.