The Cybersecurity and Infrastructure Security Agency (CISA) recently updated its Known Exploited Vulnerabilities (KEV) Catalog by adding five vulnerabilities that have been actively exploited in the wild.
These vulnerabilities target a range of products, including Cisco routers, Hitachi Vantara’s Pentaho Business Analytics Server, Microsoft Windows, and Progress Software’s WhatsUp Gold. CISA’s addition of these vulnerabilities highlights their potential for severe exploitation, with the potential for both data breaches and system compromises.
CVE-2023-20118: Cisco Small Business RV Series Routers Command Injection Vulnerability
One of the key vulnerabilities added to the catalog is CVE-2023-20118, a command injection vulnerability affecting Cisco Small Business RV Series routers. This flaw allows an authenticated, remote attacker to execute arbitrary commands on affected devices. It is triggered by improper validation of user input within the router’s web-based management interface.
The vulnerability, which affects multiple versions of Cisco’s RV016, RV042, RV042G, RV082, RV320, and RV325 routers, could enable attackers to gain root-level privileges and access sensitive data. To exploit the vulnerability, attackers need valid administrative credentials, but once successfully exploited, they can take full control of the device. Cisco has not provided a patch for this issue, meaning affected users are left without an official solution.
The severity of this issue has been rated as medium with a CVSS score of 6.5, reflecting its ability to cause harm in the wrong hands.
CVE-2022-43939: Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability
Another vulnerability, CVE-2022-43939, affects Hitachi Vantara’s Pentaho Business Analytics (BA) Server. This flaw stems from the improper handling of non-canonical URL paths for authorization decisions. By bypassing security checks, unauthorized users can gain access to restricted areas of the server.
This vulnerability affects several versions of the Pentaho BA Server, including those prior to 9.4.0.1, 9.3.0.2, and 8.3.x. The CVSS score for CVE-2022-43939 is a high 8.6, indicating that exploitation could lead to unauthorized access and potential data compromise.
CVE-2022-43769: Special Element Injection in Hitachi Vantara Pentaho BA Server
A second vulnerability in Hitachi Vantara’s Pentaho BA Server, CVE-2022-43769, involves a failure to properly sanitize special elements, leading to special element injection. This flaw allows attackers to exploit web services that accept property values containing Spring templates. If successfully executed, this injection can compromise system integrity and allow attackers to execute arbitrary commands.
The CVSS score for CVE-2022-43769 is an alarming 8.8, placing it in the high-severity range. Affected versions of the server include those prior to 9.4.0.1, 9.3.0.2, and 8.3.x. This vulnerability highlights the critical need for businesses using Pentaho BA Server to ensure that proper sanitization techniques are implemented to mitigate injection attacks.
CVE-2018-8639: Microsoft Windows Win32k Improper Resource Shutdown
The CVE-2018-8639 vulnerability, present in various versions of Microsoft Windows, allows an attacker to elevate their privileges within the system. This improper resource shutdown or release in the Win32k component can be exploited to escalate user privileges, granting attackers unauthorized access to system resources.
This vulnerability impacts several Windows versions, including Windows 7, 10, Windows Server editions, and Windows 8.1. Despite being published in 2018, it remains a notable threat due to its widespread impact across multiple platforms. The CVSS score for this vulnerability is moderate, but its potential to enable malicious actors to escalate privileges makes it a risk for organizations with outdated systems.
CVE-2024-4885: Progress WhatsUp Gold Path Traversal Vulnerability
The most recent addition to the KEV Catalog, CVE-2024-4885, targets Progress Software’s WhatsUp Gold, a network monitoring tool. This vulnerability is a path traversal issue that could allow unauthenticated attackers to execute arbitrary commands with system privileges.
The flaw is present in versions of WhatsUp Gold prior to 2023.1.3. The CVSS score for this vulnerability is critical, with a 9.8 rating. By exploiting this vulnerability, attackers can traverse restricted directories, leading to the potential for remote code execution and complete system compromise.
The Importance of Addressing These Known Exploited Vulnerabilities
CISA’s inclusion of these vulnerabilities in the Known Exploited Vulnerabilities Catalog serves as a strong reminder to organizations about the risks posed by unpatched software. Exploiting injection vulnerabilities such as CVE-2023-20118 and CVE-2022-43769 is a common tactic used by cybercriminals to gain unauthorized access to systems.
Vulnerabilities such as CVE-2024-4885 and CVE-2022-43939, which involve issues like path traversal and authorization bypass, highlight how attackers can exploit seemingly small weaknesses in an application to gain full access to sensitive systems.
As a best practice, it is crucial for organizations to regularly monitor and update their software, apply security patches promptly, and be proactive in identifying potential vulnerabilities before they can be exploited. Additionally, understanding and addressing Known Exploited Vulnerabilities is key in reducing the attack surface and mitigating the risk of a security breach.
For affected organizations, staying informed about vulnerabilities such as CVE-2023-20118, CVE-2022-43769, and others included in the KEV catalog is essential in fortifying cybersecurity defenses. CISA’s efforts to catalog these vulnerabilities and alert the public about ongoing threats are instrumental in reducing the impact of these critical flaws across the federal and private sectors alike.
Conclusion
The five vulnerabilities added by CISA to the Known Exploited Vulnerabilities Catalog highlight the ongoing cybersecurity challenges organizations face. With attackers constantly searching for weaknesses such as command injection and path traversal vulnerabilities, it is essential that businesses and government agencies remain vigilant. Addressing vulnerabilities such as CVE-2023-20118, CVE-2024-4885, and others promptly can help reduce the risks posed by these severe security flaws.
