Ethical Hacking News
CISA has added five security flaws affecting software from Cisco, Hitachi Vantara, Microsoft Windows, and Progress WhatsUp Gold to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation. These vulnerabilities include command injection, authorization bypass, special element injection, improper resource shutdown, and path traversal flaws. Organizations are urged to apply necessary mitigations by March 24, 2025, to secure their networks against these actively exploited security flaws.
Cisco, Hitachi Vantara, Microsoft Windows, Progress WhatsUp Gold, and other software companies have security flaws being actively exploited in the wild. Cisco Small Business RV Series routers are vulnerable to CVE-2023-20118, a command injection vulnerability rated at 6.5 on the CVSS. Hitachi Vantara Pentaho BA Server is affected by two vulnerabilities, CVE-2022-43939 and CVE-2022-43769, which could allow for unauthorized access to sensitive data. Microsoft Windows is affected by CVE-2018-8639, which allows for local, authenticated privilege escalation. Progress WhatsUp Gold is affected by CVE-2024-4885, a path traversal vulnerability that enables remote code execution. Threat actors are already exploiting these vulnerabilities, with some groups using them to create botnets and launch attacks.
In a recent alert, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) identified five security flaws in software from Cisco, Hitachi Vantara, Microsoft Windows, and Progress WhatsUp Gold as being actively exploited in the wild. This latest addition to CISA's Known Exploited Vulnerabilities (KEV) catalog serves as a stark reminder of the importance of timely patch management and proactive cybersecurity measures.
The list of vulnerabilities outlined by CISA includes CVE-2023-20118, a command injection vulnerability present in Cisco Small Business RV Series routers. This flaw, rated at 6.5 on the Common Vulnerability Scoring System (CVSS), enables an authenticated remote attacker to gain root-level privileges and unauthorized access to sensitive data. Due to the routers reaching their end-of-life status, many have opted not to apply patches, leaving them vulnerable to exploitation.
Another significant vulnerability highlighted by CISA is CVE-2022-43939, which stems from an authorization bypass in Hitachi Vantara Pentaho BA Server. This issue, rated at 8.6 on the CVSS, arises from the use of non-canonical URL paths for authorization decisions. Fixed in August 2024 with versions 9.3.0.2 and 9.4.0.1, this vulnerability could potentially allow an attacker to access sensitive data.
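The weakness class described here, an authorization decision made on a path string that is not in canonical form, is illustrated below as an added example; it is not Pentaho code and not taken from the advisory. The rule table, paths and function names are hypothetical, and the hardened check assumes the application routes on the same canonical form it authorizes.

```python
import posixpath
from urllib.parse import unquote

# Hypothetical rules for illustration (not Pentaho's routes): prefix -> required role.
PROTECTED = {"/api/admin": "admin", "/api/repo": "user"}


def required_role(path):
    """Role needed for a path, matched on whole segments; None means public."""
    for prefix, role in PROTECTED.items():
        if path == prefix or path.startswith(prefix + "/"):
            return role
    return None


def canonicalize(target):
    """Reduce a request target to one normalized path for the policy decision."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    for _ in range(5):  # decode until stable so nested encoding cannot survive
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        raise ValueError("excessive percent-encoding")
    if "\x00" in path or "\\" in path:
        raise ValueError("illegal character in path")
    # Drop ';param' suffixes per segment, then resolve '.', '..' and '//'.
    segments = [seg.split(";", 1)[0] for seg in path.split("/")]
    return "/" + posixpath.normpath("/".join(segments)).lstrip("/")


def authorize_naive(target, roles):
    """Flawed: decides on the raw string, which may not be what gets routed."""
    need = required_role(target)
    return need is None or need in roles


def authorize(target, roles):
    """Hardened: canonicalize first, fail closed if that is not possible."""
    try:
        need = required_role(canonicalize(target))
    except ValueError:
        return False
    return need is None or need in roles
```
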
Hitachi Vantara Pentaho BA Server is also affected by CVE-2022-43769, a special element injection vulnerability rated at 8.8 on the CVSS. This flaw enables attackers to inject Spring templates into properties files, allowing for arbitrary command execution. Fixed in August 2024 with versions 9.3.0.2 and 9.4.0.1, it is imperative that users take swift action to address this vulnerability.
Microsoft Windows has been affected by CVE-2018-8639, an improper resource shutdown or release vulnerability rated at 7.8 on the CVSS. This flaw allows for local, authenticated privilege escalation and running arbitrary code in kernel mode. Fixed in December 2018, it is essential that users keep their operating systems updated to mitigate this risk.
Lastly, Progress WhatsUp Gold has been impacted by CVE-2024-4885, a path traversal vulnerability rated at 9.8 on the CVSS. This flaw enables unauthenticated attackers to achieve remote code execution, posing significant risks to network security. Fixed in version 2023.1.3 in June 2024, it is crucial that users apply patches promptly to protect against exploitation.
Threat actors are already taking advantage of these vulnerabilities. French cybersecurity company Sekoia revealed that threat actors are abusing CVE-2023-20118 to rope susceptible routers into a botnet called PolarEdge. As for CVE-2024-4885, the Shadowserver Foundation has observed exploitation attempts against the flaw as of August 1, 2024. Data from GreyNoise indicates that as many as eight unique IP addresses from Hong Kong, Russia, Brazil, South Korea, and the United Kingdom are linked to the malicious exploitation of this vulnerability.
In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are urged to apply necessary mitigations by March 24, 2025. Timely patch management is crucial in addressing these vulnerabilities and preventing potential security breaches.
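A patch-triage check built from the fixed versions and due date stated in this article, as an added example (not CISA tooling). The inventory product names and status labels are hypothetical, and treating release branches newer than the listed ones as fixed is an assumption. It compares within a release branch, because 9.4.0.0 is numerically above 9.3.0.2 yet still unpatched.

```python
from datetime import date

# Fixed versions and the FCEB due date as stated in the article.
# Each product maps {release branch: first fixed version}; an empty map
# means the article names no fixed release for it.
DUE = date(2025, 3, 24)
FIXES = {
    "pentaho-ba-server": {(9, 3): (9, 3, 0, 2), (9, 4): (9, 4, 0, 1)},
    "whatsup-gold": {(2023, 1): (2023, 1, 3)},
    "cisco-rv-router": {},
}


def parse_version(text):
    """'9.3.0.2' -> (9, 3, 0, 2); raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in text.strip().split("."))


def triage(product, version, today):
    """Classify one inventory entry against the fixed versions above."""
    fixes = FIXES.get(product)
    if fixes is None:
        return "not-listed"
    if not fixes:
        return "no-fix-listed"
    installed = parse_version(version)
    branch = installed[:2]
    if branch in fixes:
        fixed = installed >= fixes[branch]
    else:
        # Assumption: branches newer than every listed one carry the fix;
        # older branches have no listed fix and need an upgrade.
        fixed = branch > max(fixes)
    if fixed:
        return "ok"
    return "overdue" if today > DUE else "patch-by-due-date"


def report(inventory, today):
    """Return (host, product, version, status) for every entry that needs action."""
    rows = [(h, p, v, triage(p, v, today)) for h, p, v in inventory]
    return [row for row in rows if row[3] not in ("ok", "not-listed")]


# Constructed sample inventory: (host, product, installed version).
SAMPLE = [
    ("bi-01", "pentaho-ba-server", "9.4.0.0"),
    ("bi-02", "pentaho-ba-server", "9.3.0.5"),
    ("nms-01", "whatsup-gold", "2023.1.2"),
    ("edge-07", "cisco-rv-router", "1.0.3"),
]
```
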
The recent addition to CISA's KEV catalog serves as a stark reminder of the importance of proactive cybersecurity measures and timely patch management. As organizations continue to navigate an increasingly complex cyber landscape, it is essential that they prioritize their security posture and stay vigilant against emerging threats.
In conclusion, the vulnerabilities outlined by CISA highlight the need for swift action from affected organizations. By applying necessary mitigations and staying up-to-date with the latest patches, individuals can significantly reduce the risk of falling victim to these actively exploited flaws.
Published: Tue Mar 4 00:55:18 2025 by llama3.2 3B Q4_K_M