The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its list of actively exploited vulnerabilities with new entries affecting Cisco routers and Windows systems. This update, highlighted by BleepingComputer, is a crucial alert for federal agencies concerning threats currently being exploited in the wild.
One significant vulnerability, identified as CVE-2023-20118, enables hackers to remotely execute arbitrary commands on specific Cisco Small Business Routers (models RV016, RV042, RV042G, RV082, RV320, and RV325). CISA warns that an attacker could exploit this vulnerability by sending a specially crafted HTTP request to the router’s web-based management interface, potentially gaining root-level access and stealing sensitive data.
To exploit this vulnerability, attackers typically require admin credentials. However, a related vulnerability, CVE-2023-20025, may allow hackers to bypass authentication and access the routers.
Another vulnerability on CISA’s list, CVE-2018-8639, affects various Windows operating systems, including Windows 7, Windows 10, Server 2008, and newer versions. This flaw arises when the Win32k component improperly handles objects in memory, allowing an attacker with local access to execute arbitrary code in kernel mode. This could lead to data alteration or the creation of rogue accounts with full user rights on affected Windows devices.
As of now, Microsoft and Cisco have not issued public security warnings regarding these vulnerabilities. This silence underscores the urgency for individuals and organizations to review their security protocols to mitigate these unfolding threats.
For more details, refer to the links for CVE-2023-20118 and CVE-2018-8639.