routers

Winsage
March 4, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its list of actively exploited vulnerabilities, highlighting several critical exploits. Key vulnerabilities include:

- CVE-2023-20118: Affects specific Cisco Small Business Router models (RV016, RV042, RV042G, RV082, RV320, RV325), allowing hackers to remotely execute arbitrary commands via specially crafted HTTP requests, potentially granting root-level privileges.
- CVE-2023-20025: Could enable hackers to bypass admin credential requirements for CVE-2023-20118.
- CVE-2018-8639: Affects various Windows operating systems (Windows 7, Windows Server 2012 R2, Windows 10) due to the Win32k component's failure to manage memory objects, allowing local attackers to execute arbitrary code in kernel mode.

Neither Microsoft nor Cisco has issued specific security advisories regarding these vulnerabilities.
Winsage
March 4, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert about a command injection vulnerability (CVE-2023-20118) affecting Cisco Small Business RV Series Routers, which are end-of-life. This vulnerability, rated 6.5 on the CVSSv3.1 scale, allows authenticated attackers to execute arbitrary commands with root privileges. The affected models include RV016, RV042, RV042G, RV082, RV320, and RV325, running firmware versions released before April 2023. Cisco will not provide patches for these devices. CISA mandates that federal agencies either implement mitigations or stop using the routers by March 24, 2025. Private organizations are also encouraged to address the issue, especially due to exploitation attempts linked to the PolarEdge botnet campaign. Administrators are advised to restrict administrative access, monitor logs for unusual activity, and consider decommissioning affected devices. The continued use of unpatched routers poses significant risks to critical infrastructure, particularly in small business and remote work environments.
Winsage
March 4, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog, which now includes several significant security flaws:

- CVE-2023-20118: A command injection vulnerability in Cisco Small Business RV Series Routers with a CVSS score of 6.5, allowing authenticated remote attackers to execute arbitrary commands. Cisco will not provide a fix for this issue.
- CVE-2022-43939: An authorization bypass vulnerability in the Hitachi Vantara Pentaho BA Server.
- CVE-2022-43769: A special element injection vulnerability in the Hitachi Vantara Pentaho BA Server.
- CVE-2018-8639: An elevation of privilege vulnerability in Microsoft Windows with a CVSS score of 7.8, allowing an attacker to run arbitrary code in kernel mode.
- CVE-2024-4885: An unauthenticated remote code execution vulnerability in Progress WhatsUp Gold with a CVSS score of 9.8, allowing command execution with iisapppool\nmconsole privileges.

CISA has mandated that federal agencies address these vulnerabilities by March 24, 2025, under Binding Operational Directive (BOD) 22-01, and advises private organizations to review the KEV catalog for necessary actions.