The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently identified two significant vulnerabilities affecting Cisco and Windows products, which have been included in its Known Exploited Vulnerabilities (KEV) catalog. This move comes as organizations face active exploitation threats from malicious actors.
The vulnerabilities are as follows:
This vulnerability affects the web-based management interface of the Cisco Small Business RV Series Routers, including models RV016, RV042, RV042G, RV082, RV320, and RV325.
An authenticated remote attacker can exploit this flaw by sending a specially crafted HTTP request to the device’s management interface. Successful exploitation could grant the attacker root-level access and the ability to execute arbitrary commands, but it requires valid administrative credentials on the affected device.
The second vulnerability, identified as an elevation of privilege issue in the Windows Win32k component, allows local attackers to gain elevated privileges and run arbitrary code in kernel mode on affected systems. This vulnerability impacts a range of Windows versions, including Windows 7, various Windows Server editions, and Windows 10.
In light of these vulnerabilities, CISA has mandated that Federal Civilian Executive Branch (FCEB) agencies apply necessary patches by March 24, 2025, in accordance with their November 2021 directive aimed at bolstering defenses against cyber threats.
While Microsoft has provided a patch for CVE-2018-8639, Cisco has not issued a fix for CVE-2023-20118, as the affected router models have reached their end-of-life status.
Organizations are encouraged to take precautionary measures, including disabling remote management features, upgrading firmware, monitoring network activity, using strong passwords, restricting access to trusted sources, and implementing multifaceted security strategies to mitigate risks associated with these vulnerabilities.
For detailed information:
Hudson Valley Host is premier provider of cutting-edge hosting solutions, specializing in delivering a seamless online experience for businesses and individuals. We offer a comprehensive range of hosting services, including Shared Hosting, VPS, Dedicated Servers, and Colocation. With 24/7 technical support, robust security measures, and user-friendly control panels, we empower clients in managing their online presence effortlessly. Hudson Valley Host is your trusted partner in achieving online success.
For Inquiries or to receive a personalized quote, please reach out to us through our contact form here or email us at sales@hudsonvalleyhost.com.
