The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently expanded its list of actively exploited vulnerabilities, a move that underscores the pressing need for vigilance among U.S. federal agencies. This update, first reported by BleepingComputer, highlights several critical exploits currently being leveraged by malicious actors in the digital landscape.
Key Vulnerabilities Identified
Among the vulnerabilities now under scrutiny is CVE-2023-20118, which poses a significant risk to specific VPN routers, including the Cisco Small Business Router models RV016, RV042, RV042G, RV082, RV320, and RV325. CISA has indicated that this exploit enables hackers to remotely execute arbitrary commands by sending specially crafted HTTP requests to the web-based management interface of these devices. A successful exploitation could grant an attacker root-level privileges, allowing unauthorized access to sensitive data.
While exploiting this vulnerability typically requires admin credentials, BleepingComputer notes that hackers could potentially circumvent this requirement by leveraging another vulnerability, CVE-2023-20025. This dual threat amplifies the urgency for organizations to bolster their cybersecurity measures.
Additionally, CISA has flagged CVE-2018-8639, a vulnerability affecting a wide range of Windows operating systems, including Windows 7, Windows Server 2012 R2, and Windows 10, among others. This particular flaw arises from the Win32k component’s failure to manage objects in memory adequately. An attacker with local access to a vulnerable system could exploit this weakness to execute arbitrary code in kernel mode, potentially leading to data alteration or the creation of rogue accounts with full user rights, thereby compromising the integrity of the affected devices.
As of now, neither Microsoft nor Cisco has issued specific security advisories regarding these vulnerabilities, leaving organizations to navigate these risks with heightened awareness and proactive measures.
