The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its list of actively exploited vulnerabilities, highlighting threats affecting Cisco routers and Windows computers. This update serves as a warning to federal agencies regarding ongoing malicious exploits.
One significant vulnerability, identified as CVE-2023-20118, enables hackers to execute arbitrary commands on select VPN routers, including multiple Cisco Small Business models. By sending crafted HTTP requests to the routers’ management interface, attackers can gain root-level access and reach data they are not authorized to access.
Although administrative credentials are typically needed to exploit this vulnerability, another issue, CVE-2023-20025, allows hackers to bypass authentication entirely, making it easier for them to take control of affected devices.
CISA also flagged an older vulnerability, CVE-2018-8639, which impacts a range of Windows operating systems. This bug stems from improper handling of objects in memory by the Win32k component and allows local attackers to run arbitrary code in kernel mode. Attackers could leverage this vulnerability to create unauthorized accounts or alter crucial data, giving them significant control over the compromised systems.
As of now, neither Microsoft nor Cisco has issued specific security warnings regarding these vulnerabilities, making it crucial for users to remain vigilant and update their systems promptly.