The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its actively exploited vulnerabilities list, highlighting new threats targeting Cisco routers and Windows operating systems. This move acts as a cautionary notice for federal agencies concerning vulnerabilities that are actively being exploited in the wild.
One significant vulnerability is categorized as CVE-2023-20118, enabling hackers to remotely execute arbitrary commands on specific VPN routers, including models from Cisco such as the RV016, RV042, RV042G, RV082, RV320, and RV325. According to CISA, an attacker can exploit this by sending a specially crafted HTTP request to the router’s management interface, potentially gaining root-level privileges and unauthorized access to sensitive data.
While gaining control typically requires admin credentials, hackers can sidestep this obstacle by exploiting another vulnerability, CVE-2023-20025, that enables authentication bypass.
Additionally, CISA has flagged [CVE-2018-8639], affecting numerous Windows operating systems, including Windows 7, Windows 8.1, Windows 10, and various Server versions. CISA notes that this vulnerability arises when the Win32k component inadequately handles objects in memory. An attacker with local access to a vulnerable system could exploit it to execute arbitrary code in kernel mode, allowing for data alteration or unauthorized account creation.
As of now, both Microsoft and Cisco have not issued any specific security advisories regarding these newly recognized vulnerabilities. Cybersecurity vigilance is essential to mitigate the risk posed by these threats.
Hudson Valley Host is premier provider of cutting-edge hosting solutions, specializing in delivering a seamless online experience for businesses and individuals. We offer a comprehensive range of hosting services, including Shared Hosting, VPS, Dedicated Servers, and Colocation. With 24/7 technical support, robust security measures, and user-friendly control panels, we empower clients in managing their online presence effortlessly. Hudson Valley Host is your trusted partner in achieving online success.
For Inquiries or to receive a personalized quote, please reach out to us through our contact form here or email us at sales@hudsonvalleyhost.com.
