The Cybersecurity and Infrastructure Security Agency (CISA) has just added new exploits to its list of active exploits, as noted first BleepingComputer.
CISA’s actions are basically a warning to the U.S. federal agencies about the vulnerability of being exploited in the wild.
A traced vulnerability CVE-2023-20118allowing hackers to remotely “execute arbitrary commands” on certain VPN routers. These routers include Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320 and RV325.
“An attacker can exploit this vulnerability by sending a crafted HTTP request to a web-based management interface,” CISA wrote. “Successful exploits can allow an attacker to gain root-level privileges and access unauthorized data.”
Mixable light speed
To exploit this exploit, an attacker needs to manage credentials. However, as a BleepingComputer Point outHackers can exploit another vulnerability, CVE-2023-20025, to bypass authentication.
Another vulnerability added by CISA is CVE-2018-8639. This error affects many Windows operating systems, including Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2016, Windows Server 2008 R2, Windows 10 and Windows 10 servers.
According to CISA, this vulnerability “occurs in Windows when Win32K components fail to properly handle objects in memory.” Bad actors with local access to vulnerable systems can exploit the exploit to run arbitrary code in kernel mode. BleepingComputer reports that bad actors can use this vulnerability to “change data or create rogue accounts with full user rights to take over fragile Windows devices.”
Microsoft and Cisco have not issued security warnings about the two vulnerabilities.
