
Top 10 Critical CVEs of 2024: Vulnerabilities That Defined the Year

A look back at the 10 most critical CVEs of 2024: RCE, privilege escalations, zero-days. What security teams need to remember.

20 April 2026, 3 min read

2024 was an exceptionally intense year for critical vulnerabilities. From actively exploited zero-days to CVEs affecting millions of infrastructures, here are the 10 that most captured the attention of security teams.

1. CVE-2024-3400 — Palo Alto PAN-OS (CVSS 10.0)

An OS command injection in GlobalProtect Gateway allowed unauthenticated remote code execution. Exploited as a zero-day before patch publication, it affected tens of thousands of internet-exposed firewalls.

Impact: Unauthenticated RCE on perimeter firewalls
Fix: PAN-OS 10.2.9-h1, 11.0.4-h1, 11.1.2-h3

2. CVE-2024-21762 — Fortinet FortiOS (CVSS 9.6)

An out-of-bounds write vulnerability in FortiOS SSL VPN allowed arbitrary remote code execution. CISA added it to its Known Exploited Vulnerabilities (KEV) catalog.

Impact: RCE on FortiGate SSL VPN
Fix: FortiOS 7.4.3+, 7.2.7+, 7.0.14+

3. CVE-2024-1709 — ConnectWise ScreenConnect (CVSS 10.0)

A critical authentication bypass in ScreenConnect allowed the creation of unauthorised admin accounts. Massively exploited within 48 hours of publication — notably to deploy ransomware.

Impact: Auth bypass + RCE
Fix: ScreenConnect 23.9.8+

4. CVE-2024-6387 — OpenSSH "regreSSHion" (CVSS 8.1)

A race condition in the OpenSSH server's SIGALRM signal handler, a regression of a vulnerability fixed in 2006. Exploitation is difficult (precise timing required) but possible on 32-bit Linux systems and certain 64-bit configurations.

Impact: Unauthenticated RCE on SSH server
Fix: OpenSSH 9.8p1

5. CVE-2024-4577 — PHP CGI (CVSS 9.8)

A bypass of the CVE-2012-1823 patch in PHP running in CGI mode on Windows. Enables argument injection and arbitrary code execution. Particularly dangerous on XAMPP servers and Windows shared hosting.

Impact: RCE on PHP CGI Windows
Fix: PHP 8.1.29, 8.2.20, 8.3.8

6. CVE-2024-27198 — JetBrains TeamCity (CVSS 9.8)

An authentication flaw in TeamCity CI/CD allowed arbitrary admin account creation without authentication. Exploited by several APT groups to infiltrate development pipelines.

Impact: Auth bypass + admin account creation
Fix: TeamCity 2023.11.4+

7. CVE-2024-23897 — Jenkins (CVSS 9.8)

Arbitrary file reading via the Jenkins CLI exposed secrets, private keys and sensitive configurations. In some cases, this could be escalated to code execution.

Impact: Arbitrary file read + potential RCE
Fix: Jenkins 2.442+, LTS 2.426.3+

8. CVE-2024-30078 — Windows WiFi Driver (CVSS 8.8)

A vulnerability in the Windows WiFi driver allowed arbitrary remote code execution over a shared WiFi network — without user interaction. Particularly risky in public spaces.

Impact: RCE via adjacent WiFi
Fix: Windows Update June 2024

9. CVE-2024-38112 — Windows MSHTML (CVSS 7.5)

A zero-day in Windows MSHTML rendering, triggered via malicious .url files. Used in targeted phishing campaigns before the July 2024 patch.

Impact: Code execution via .url files
Fix: Patch Tuesday July 2024

10. CVE-2024-20353 — Cisco ASA/FTD (CVSS 8.6)

A flaw in the SSL VPN of Cisco ASA and Firepower appliances caused denial of service and in some cases code execution. Exploited by the Velvet Ant group in targeted attacks.

Impact: DoS + potential RCE on Cisco VPN
Fix: ASA 9.16.4.67+, FTD 7.2.8+
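The fix versions above are only useful if you can compare them against what is actually deployed, and vendor version strings do not all compare the same way (PAN-OS hotfix suffixes such as `-h1`, OpenSSH's `p1` portable suffix, Jenkins weekly versus LTS numbering). The following script is an added example, not code from the original post: it encodes the fixed builds listed above and reports an observed version as `fixed`, `vulnerable` or `unknown`. The `branch_len` values (how many leading components identify a maintained release branch), the product keys, the hotfix-suffix handling and the assumption that a bare build sorts before its hotfix (`10.2.9` < `10.2.9-h1`) are choices made here, not statements from the post. Because the post lists fixed builds only and not the first affected build, `vulnerable` means "below the fix on that branch", which is deliberately conservative; a version on a branch that is not listed is reported as `unknown` so that it is checked against the vendor advisory rather than silently assumed safe.

```python
"""
Conservative exposure check against the fixed builds listed in this post.

Added example: the product keys, branch_len values and suffix handling are
assumptions made for this script, not statements from the post or vendors.
"""
import re
from typing import NamedTuple


class Version(NamedTuple):
    parts: tuple   # dotted numeric components, e.g. (10, 2, 9)
    hotfix: int    # PAN-OS "-h1" or OpenSSH "p1" suffix; 0 when absent


# Accepts "10.2.9-h1", "9.8p1", "2023.11.4", "9.16.4.67" (assumed formats).
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:(?:-h|p)(\d+))?$")


def parse_version(text: str) -> Version:
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    hotfix = int(m.group(2)) if m.group(2) else 0
    return Version(parts, hotfix)


def _key(v: Version, width: int = 5):
    # Pad so 10.2.9 and 10.2.10 compare numerically, then order by hotfix
    # so that a bare build sorts before its hotfix (10.2.9 < 10.2.9-h1).
    return v.parts + (0,) * (width - len(v.parts)), v.hotfix


# Fixed builds exactly as listed in the post. branch_len is an assumption:
# the number of leading components that identify a release branch, so that
# a FortiOS 7.2.x host is only judged against the 7.2.7 fix, not 7.4.3.
FIXES = {
    "PAN-OS (CVE-2024-3400)":          (2, ["10.2.9-h1", "11.0.4-h1", "11.1.2-h3"]),
    "FortiOS (CVE-2024-21762)":        (2, ["7.4.3", "7.2.7", "7.0.14"]),
    "ScreenConnect (CVE-2024-1709)":   (1, ["23.9.8"]),
    "OpenSSH (CVE-2024-6387)":         (1, ["9.8p1"]),
    "PHP (CVE-2024-4577)":             (2, ["8.1.29", "8.2.20", "8.3.8"]),
    "TeamCity (CVE-2024-27198)":       (1, ["2023.11.4"]),
    "Jenkins weekly (CVE-2024-23897)": (1, ["2.442"]),
    "Jenkins LTS (CVE-2024-23897)":    (1, ["2.426.3"]),
    "Cisco ASA (CVE-2024-20353)":      (2, ["9.16.4.67"]),
    "Cisco FTD (CVE-2024-20353)":      (2, ["7.2.8"]),
}


def assess(product: str, observed: str) -> str:
    """Return 'fixed', 'vulnerable' or 'unknown' for one observed version."""
    branch_len, fixed_builds = FIXES[product]
    obs = parse_version(observed)
    for fixed_text in fixed_builds:
        fixed = parse_version(fixed_text)
        if obs.parts[:branch_len] != fixed.parts[:branch_len]:
            continue  # different branch: this fixed build says nothing
        return "fixed" if _key(obs) >= _key(fixed) else "vulnerable"
    # No listed fix on this branch: do not guess, send it to the advisory.
    return "unknown"


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    inventory = [
        ("PAN-OS (CVE-2024-3400)", "10.2.9"),      # bare build, below -h1
        ("PAN-OS (CVE-2024-3400)", "11.2.0"),      # branch not listed
        ("OpenSSH (CVE-2024-6387)", "9.7p1"),
        ("Jenkins weekly (CVE-2024-23897)", "2.440"),
        ("Jenkins LTS (CVE-2024-23897)", "2.440.1"),
    ]
    for product, version in inventory:
        print(f"{product:34} {version:12} {assess(product, version)}")
```

Note the Jenkins case: weekly 2.440 is below the 2.442 weekly fix and is reported vulnerable, while LTS 2.440.1 is above the 2.426.3 LTS backport and is reported fixed, so the same numeric prefix gives opposite answers depending on which line the host runs. An inventory that records only "Jenkins 2.440" without the line is not enough to decide.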


Key Takeaways

Several trends emerge from this 2024 top 10:

  1. Perimeter network equipment (VPNs, firewalls) remains the top attack target — direct infrastructure access without going through endpoints.
  2. DevOps tools (Jenkins, TeamCity) are increasingly targeted — compromising a CI/CD pipeline allows infecting an entire software delivery chain.
  3. The exploitation window is shrinking — CVE-2024-1709 was mass-exploited in under 48 hours after publication.

Continuously monitor CVEs affecting your assets with cveo.tech — automatic alerts as soon as a new vulnerability concerns you.
