
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog and ordered federal agencies to mitigate them. The flaws affect Cisco Small Business routers, Windows, Hitachi Vantara Pentaho Business Analytics Server, and Progress WhatsUp Gold, and their impact ranges from remote code execution and privilege escalation to unauthorized data access.
Cisco Small Business Router Vulnerability (CVE-2023-20118)
A vulnerability in the web-based management interface of multiple Cisco Small Business Routers (RV016, RV042, RV042G, RV082, RV320, and RV325) allows an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The flaw, rated CVSS 6.5, is caused by improper validation of user input in incoming HTTP packets: an attacker who already holds valid administrative credentials can send a crafted HTTP request to the interface to gain root-level privileges and access unauthorized data.
Cisco has confirmed that it will not release software updates for this issue because the affected models have reached end of life, so the devices remain permanently exposed; the practical options are to replace them or, at minimum, keep the web management interface unreachable from the internet. Cisco's Product Security Incident Response Team (PSIRT) has also acknowledged that public proof-of-concept (PoC) exploit code exists for CVE-2023-20025, an authentication bypass in the same router family's web management interface. Chained with CVE-2023-20118, that bypass removes the requirement for valid credentials, which is what makes the command-injection flaw dangerous despite its moderate score.
Hitachi Vantara Pentaho Business Analytics Server Vulnerabilities (CVE-2022-43939, CVE-2022-43769)
Two high-severity vulnerabilities, CVE-2022-43939 and CVE-2022-43769 (both CVSS 8.8), affect Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including all 8.3.x releases.
- CVE-2022-43939 (CVSS 8.8): The server's security restrictions are enforced on the URL as written, so requesting a protected resource through a non-canonical spelling of its path bypasses them and grants unauthorized access.
- CVE-2022-43769 (CVSS 8.8): The server's web services accept property values containing Spring templates, which are evaluated downstream; an attacker who can set such a value gets server-side template injection and, through it, remote code execution.
Public PoC exploits exist for both vulnerabilities, which makes real-world exploitation considerably more likely.
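The non-canonical URL bypass behind CVE-2022-43939 is an instance of a general bug: authorization is decided on the request path as received, while the resource is resolved from a normalized path, so any spelling the authorizer does not recognize but the resolver does slips through. The example below is added here to illustrate that pattern and is not Pentaho's code. It places a naive prefix check beside one that canonicalizes the path first; the protected prefixes, the request URLs, and the treatment of `;` path parameters and backslashes are hypothetical choices for the illustration, not a description of how any specific product routes requests.

```python
"""Authorize on a canonical path, not the raw request URI.

Added illustration, not Pentaho's own code: a naive prefix check on the raw URL
beside a check that canonicalizes the path first. The protected prefixes and
the request paths are hypothetical.
"""
import posixpath
from urllib.parse import unquote

# Hypothetical protected route prefixes for this illustration.
PROTECTED_PREFIXES = ("/api/admin", "/api/repos")


def is_protected_naive(raw_path: str) -> bool:
    """The weak pattern: string-match the URL exactly as it arrived."""
    return any(raw_path == p or raw_path.startswith(p + "/") for p in PROTECTED_PREFIXES)


def canonicalize(raw_path: str, max_decode_rounds: int = 3) -> str:
    """Reduce the many spellings of one path to a single form, or raise ValueError."""
    # Query string and fragment never take part in routing.
    path = raw_path.split("?", 1)[0].split("#", 1)[0]
    # Percent-decode until stable so a double-encoded "%252e%252e" is seen as "..".
    for _ in range(max_decode_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        raise ValueError("path still changing after repeated decoding")
    if "\x00" in path:
        raise ValueError("NUL byte in path")
    # Some stacks treat backslash as a separator; normalize before matching.
    path = path.replace("\\", "/")
    # Servlet containers drop ";name=value" path parameters (e.g. ";jsessionid=")
    # from each segment before routing, but a filter reading the raw URI sees them.
    path = "/".join(segment.split(";", 1)[0] for segment in path.split("/"))
    if not path.startswith("/"):
        raise ValueError("path must be absolute")
    # Collapse "//", "." and "..". normpath cannot climb above "/".
    path = posixpath.normpath(path)
    # POSIX normpath preserves exactly two leading slashes; routing does not.
    if path.startswith("//"):
        path = "/" + path.lstrip("/")
    return path


def is_protected(raw_path: str) -> bool:
    """The hardened check: canonicalize first, fail closed on anything odd."""
    try:
        path = canonicalize(raw_path)
    except ValueError:
        return True
    return any(path == p or path.startswith(p + "/") for p in PROTECTED_PREFIXES)


if __name__ == "__main__":
    # Constructed request paths, each spelling the same protected resource differently.
    for url in ("/api/admin/users", "/api//admin/users", "/api/%61dmin/users",
                "/api/public/../admin/users", "/api/admin;x=1/users",
                "/api/public/%252e%252e/admin/users", "/api/public/users"):
        print(f"{url:40} naive={is_protected_naive(url)!s:5} canonical={is_protected(url)}")
```

Run stand-alone, the script shows the naive check passing every variant except the plain spelling while the canonical check catches all of them. Case folding is deliberately left out: whether `/API/admin` is the same resource depends on the backend's filesystem and router, and folding case where the backend does not would create a different mismatch. The safest design is to perform the authorization check on the path the framework itself resolved (after its own decoding and normalization) rather than re-implementing that logic in a filter.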
Win32k Privilege Escalation Vulnerability (CVE-2018-8639)
CVE-2018-8639 is an elevation-of-privilege flaw in the Win32k kernel component that affects both Windows client and server platforms. Rated CVSS 7.8, it allows a local, authenticated attacker to execute arbitrary code in kernel mode, after which they can modify system data or create rogue administrator accounts and take full control of the compromised host.
Microsoft fixed this flaw in its December 2018 security updates. Because it affects Windows 7 and later client systems as well as Windows Server 2008 and newer, organizations should confirm that every host has received that update; systems that have been kept current since then are already covered, so the exposure sits with unpatched or out-of-support machines.
Progress WhatsUp Gold Remote Code Execution Vulnerability (CVE-2024-4885)
CVE-2024-4885 is an unauthenticated remote code execution vulnerability in Progress WhatsUp Gold versions released before 2023.1.3. The issue lies in the WhatsUp.ExportUtilities.Export.GetFileWithoutZip function and allows an attacker to execute arbitrary commands with the privileges of the IIS application pool account (iisapppool\nmconsole).
With a CVSS score of 9.8, this vulnerability presents a critical risk to organizations that run WhatsUp Gold for network monitoring, particularly where the console is reachable from untrusted networks. Upgrading to 2023.1.3 or later is the only complete fix and should not be deferred.
Mitigation Deadline for Federal Agencies
Under Binding Operational Directive 22-01, CISA has mandated that all Federal Civilian Executive Branch (FCEB) agencies remediate these five vulnerabilities by March 24, 2025. The agency urges all organizations, public and private, to treat the KEV catalog the same way and prioritize these fixes, since every entry in it is known to be exploited in the wild.
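The KEV catalog is published as a machine-readable JSON feed, and the practical way to act on a deadline like this one is to cross-reference that feed with an asset inventory. The script below is an added example, not CISA's or any vendor's tooling. Its feed sample uses the field names of the public `known_exploited_vulnerabilities.json` but is constructed here from the CVEs and due date named on this page; the inventory, host names, and the `FIXED_IN` table (first fixed versions taken from the page, since KEV entries carry no version data) are hypothetical.

```python
"""Cross-reference a CISA KEV feed against an asset inventory and report due dates.

Added example, not CISA's or any vendor's tooling. The feed entries mirror the
field names of the public known_exploited_vulnerabilities.json but are
constructed here from the CVEs and due date named on the page; the inventory,
host names and the FIXED_IN table are hypothetical.
"""
import json
from datetime import date

# Constructed sample in the shape of the KEV JSON feed (only the fields used here).
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2023-20118", "vendorProject": "Cisco",
     "product": "Small Business RV Series Routers", "dueDate": "2025-03-24"},
    {"cveID": "CVE-2022-43939", "vendorProject": "Hitachi Vantara",
     "product": "Pentaho Business Analytics Server", "dueDate": "2025-03-24"},
    {"cveID": "CVE-2022-43769", "vendorProject": "Hitachi Vantara",
     "product": "Pentaho Business Analytics Server", "dueDate": "2025-03-24"},
    {"cveID": "CVE-2018-8639", "vendorProject": "Microsoft",
     "product": "Windows", "dueDate": "2025-03-24"},
    {"cveID": "CVE-2024-4885", "vendorProject": "Progress",
     "product": "WhatsUp Gold", "dueDate": "2025-03-24"},
]})

# Hypothetical inventory; version strings as the local CMDB records them.
INVENTORY = [
    {"host": "mon01", "vendorProject": "Progress", "product": "WhatsUp Gold", "version": "2023.1.2"},
    {"host": "mon02", "vendorProject": "Progress", "product": "WhatsUp Gold", "version": "2023.1.3"},
    {"host": "bi01", "vendorProject": "Hitachi Vantara",
     "product": "Pentaho Business Analytics Server", "version": "9.3.0.1"},
    {"host": "bi02", "vendorProject": "Hitachi Vantara",
     "product": "Pentaho Business Analytics Server", "version": "8.3.0.0"},
]

# First fixed version per maintained branch, taken from the page. KEV itself carries
# no version data, so this table is the operator's own and must be kept current.
FIXED_IN = {
    "CVE-2024-4885": ["2023.1.3"],
    "CVE-2022-43939": ["9.3.0.2", "9.4.0.1"],
    "CVE-2022-43769": ["9.3.0.2", "9.4.0.1"],
}


def parse_version(v: str) -> tuple:
    """Dotted numeric version -> tuple of ints, so comparison is numeric not lexical."""
    return tuple(int(part) for part in v.split("."))


def is_vulnerable(version: str, fixed_versions: list) -> bool:
    """Branch-aware comparison: compare against the fix on the same major.minor
    branch; a build older than every listed fix (e.g. 8.3.x) is treated as
    vulnerable; a build newer than every fix is assumed fixed."""
    v = parse_version(version)
    fixes = sorted(parse_version(f) for f in fixed_versions)
    same_branch = [f for f in fixes if f[:2] == v[:2]]
    if same_branch:
        return v < same_branch[0]
    return v < fixes[0]


def triage(kev_json: str, inventory: list, today_iso: str) -> list:
    """One finding per (host, CVE) where the installed build is not known to be fixed.
    CVEs with no FIXED_IN entry are reported anyway, for manual review."""
    today = date.fromisoformat(today_iso)
    entries = json.loads(kev_json)["vulnerabilities"]
    findings = []
    for asset in inventory:
        for entry in entries:
            if (entry["vendorProject"], entry["product"]) != (asset["vendorProject"], asset["product"]):
                continue
            fixed = FIXED_IN.get(entry["cveID"])
            if fixed and not is_vulnerable(asset["version"], fixed):
                continue
            due = date.fromisoformat(entry["dueDate"])
            findings.append({"host": asset["host"], "cveID": entry["cveID"],
                             "dueDate": entry["dueDate"], "days_left": (due - today).days})
    return sorted(findings, key=lambda f: (f["days_left"], f["host"]))


if __name__ == "__main__":
    for f in triage(KEV_SAMPLE, INVENTORY, "2025-03-10"):
        flag = "OVERDUE" if f["days_left"] < 0 else f"{f['days_left']}d left"
        print(f"{f['host']:6} {f['cveID']:15} due {f['dueDate']} ({flag})")
```

Matching on the feed's `vendorProject` and `product` strings is the fragile part in practice: KEV names products the way the vendor advisory does, which rarely matches a CMDB verbatim, so a real deployment keeps a mapping table between the two. The version logic deliberately reports anything it cannot prove fixed rather than anything it can prove vulnerable, which is the right default when the cost of a false negative is a missed exploited-in-the-wild flaw.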