The US Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws affecting software, based on evidence of active exploitation to known exploitation vulnerabilities (KEV) catalogs from Cisco, Hitachi Vantara, Microsoft Windows, and Progress Whatsup Gold.
Here’s the list of vulnerabilities –
CVE-2023-20118 (CVSS score: 6.5) – Enable authenticated remote attackers to gain root-level privileges and access rogue data, like cvs-202-4399 on CVE-202-4399 (CVS-202-4399) – CVSS score: 6.5) – Command injection vulnerability. Hitachi Vantalapentahoe BA Server Bypass Vulnerability due to the use of non-canonical URL paths for approval decisions (fixed in versions 9.3.0.2 and 9.4.0.1 in August 2024) CVE-2022-43769 (CVSS score: 8.8) Run any command to insert a spring template into a property file (fixed in versions 9.3.0.2 and 9.4.0.1 in August 2024) CVE-2018-8639 (CVSS score: 7.8) – Allows in Microsoft Windows to shut down or release inappropriate resources in Microsoft Windows. (Fixed December 2018) CVE-2024-4885 (CVSS score: 9.8) – Ongoing Path Traversal Vulnerability WhatsUp Gold allows unrecognized attackers to achieve remote code execution (Fixed in June 2024 version 2023.1.3)
While there is little report on how some of the aforementioned flaws have been weaponized in the wild, French cybersecurity company Sekoia revealed last week that threat actors have abused CVE-2023-20118 and roped them into a botnet called Polarage.
Regarding CVE-2024-4885, the Shadowserver Foundation stated that it had observed attempts to exploit the defects as of August 1, 2024. Data from Grey Noise shows that eight unique IP addresses in Hong Kong, Russia, Brazil, South Korea and the UK are linked to exploiting the vulnerability.
In light of active exploitation, Federal Private Enforcement Sector (FCEB) agencies will be urged to apply the necessary mitigations by March 24, 2025 to ensure their networks.
Source link
