Ethical Hacking News
CISA has alerted US federal agencies to take immediate action to address actively exploited vulnerabilities in Cisco and Windows systems, including CVE-2023-20118 and CVE-2018-8639. Affected organizations must act swiftly to secure their networks and prevent potential attacks.
CISA has warned US federal agencies to immediately secure their systems against ongoing attacks exploiting vulnerabilities in Cisco and Windows systems. The first vulnerability (CVE-2023-20118) allows attackers to execute arbitrary commands on certain VPN routers, while the second vulnerability (CVE-2018-8639) enables local attackers to run arbitrary code in kernel mode on Windows devices. CISA has added these two vulnerabilities to its Known Exploited Vulnerabilities catalog and given agencies three weeks, until March 23, to take action. Microsoft and Cisco have not yet updated their security advisories, highlighting the need for swift action from affected agencies. The US government is prioritizing cybersecurity efforts to keep federal systems secure against threats like these.
CISA has issued a stern warning to US federal agencies, urging them to take immediate action to secure their systems against ongoing attacks that are exploiting vulnerabilities in Cisco and Windows systems. The cybersecurity agency has tagged these flaws as actively exploited in the wild, leaving many organizations vulnerable to potential attacks.
The first vulnerability, tracked as CVE-2023-20118, enables attackers to execute arbitrary commands on certain RV016, RV042, RV042G, RV082, RV320, and RV325 VPN routers. Exploitation requires valid administrative credentials, but attackers can still achieve it by chaining the CVE-2023-20025 authentication bypass, which provides root privileges. Cisco has been aware of this vulnerability since January 2023 and updated its advisory in February 2024 to reflect the latest information on the exploit code.
The second vulnerability, CVE-2018-8639, is a Win32k elevation of privilege flaw that allows local attackers to run arbitrary code in kernel mode. Successful exploitation also enables attackers to alter data or create rogue accounts with full user rights, effectively giving them control over vulnerable Windows devices. This vulnerability impacts both client and server platforms, including Windows 7 or later, and Windows Server 2008 and up.
CISA has added these two vulnerabilities to its Known Exploited Vulnerabilities catalog, which lists security bugs that the agency has identified as being actively exploited in attacks. As mandated by Binding Operational Directive (BOD) 22-01, issued in November 2021, federal civilian executive branch agencies now have three weeks, until March 23, to secure their networks against ongoing exploitation.
"These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," CISA said in a statement. "We urge all affected organizations to take immediate action to address these vulnerabilities and prevent potential attacks."
Microsoft and Cisco have not yet updated their security advisories after CISA tagged the two vulnerabilities as actively exploited in attacks, highlighting the need for swift action from affected agencies.
In early February, CISA also announced that a critical Microsoft Outlook remote code execution (RCE) vulnerability (CVE-2024-21413) was being exploited in ongoing attacks and ordered federal agencies to patch their systems by February 27. The agency's efforts to keep US federal systems secure against such threats are a key priority for the country's cybersecurity.
Published: Mon Mar 3 12:50:11 2025 by llama3.2 3B Q4_K_M