CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal and commercial enterprise.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
VULNERABILITIES
Here are the latest Known Exploited Vulnerabilities, affecting Cisco routers, Microsoft Windows servers, Hitachi Vantara Pentaho servers, and Progress WhatsUp Gold, recently released by CISA in conjunction with the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD).
Vendor/Product: Cisco Small Business RV Series Router Firmware
Description: A vulnerability in the web-based management interface of Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device.
Impact: An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data.
Source: CVE-2023-20118
Max Severity: High
CVSS Score: 9.0
Mitigation: Cisco has not and will not release software updates that address this vulnerability.
Vendor/Product: Microsoft Windows Servers (undergoing reanalysis)
Description: Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability. An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8641.
Impact: To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Source: CVE-2018-8639
Max Severity: High
CVSS Score: 7.8
Mitigation: The update addresses this vulnerability by correcting how Win32k handles objects in memory.
Vendor/Product: Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability
Description: Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x, enforce security restrictions using non-canonical URLs, which can be circumvented.
Impact: If an application defines policy namespaces and makes authorization decisions based on the URL, but it does not require or convert to a canonical URL before making the authorization decision, then it opens the application to attack.
Source: CVE-2022-43939
Max Severity: Critical
CVSS Score: 9.8
Mitigation: The defect may be mitigated now by defining a more restrictive set of authorization filters in the security configuration of the product. It is recommended that you upgrade to Hitachi Vantara Pentaho Business Analytics Server version 9.3 (Long Term Support Release) with 9.3.0.2 or newer applied, or the latest 9.4 release with 9.4.0.1 or newer.
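The impact statement above describes the general defect: an authorization decision made on the raw request URL instead of a canonical form. The following is an added illustration written for this bulletin, not Pentaho's code; the `/admin/` policy prefixes, the role set and the canonicalization rules (percent-decoding, dot-segment resolution, slash collapsing, case folding, matrix-parameter stripping) are assumptions chosen to show why the check must run on the canonical path.

```python
import posixpath
from urllib.parse import unquote

# Constructed policy: paths under these prefixes require the "admin" role.
# Illustrative only; not the product's real security configuration.
PROTECTED_PREFIXES = ("/admin/", "/api/admin/")


def canonicalize(path: str) -> str:
    """Reduce a request path to one canonical form before any policy check.

    Assumed rules: decode percent-encoding until stable (collapses double
    encoding), strip ';param' matrix parameters from each segment, resolve
    '.' and '..', collapse repeated slashes, and fold to lower case (assumes
    the application routes paths case-insensitively).
    """
    decoded = path
    for _ in range(3):  # bounded loop: decode until the string stops changing
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    # "/admin;jsessionid=x/users" -> "/admin/users"
    decoded = "/".join(seg.split(";", 1)[0] for seg in decoded.split("/"))
    # normpath resolves dot segments; the extra leading "/" and lstrip
    # neutralise the POSIX rule that preserves exactly two leading slashes
    normalized = "/" + posixpath.normpath("/" + decoded).lstrip("/")
    if decoded.endswith("/") and not normalized.endswith("/"):
        normalized += "/"  # normpath drops a trailing slash; keep it for prefix matching
    return normalized.lower()


def is_allowed_naive(path: str, roles: set) -> bool:
    """Vulnerable check: compares the raw, non-canonical request path."""
    if path.startswith(PROTECTED_PREFIXES):
        return "admin" in roles
    return True


def is_allowed_canonical(path: str, roles: set) -> bool:
    """Hardened check: canonicalize first, then apply the same policy."""
    if canonicalize(path).startswith(PROTECTED_PREFIXES):
        return "admin" in roles
    return True
```

The naive check only recognises the literal prefix, so any equivalent spelling of the same path is waved through; the hardened check reduces every spelling to the same string first, so the policy applies regardless of how the path was written.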
Vendor/Product: Hitachi Vantara Pentaho Business Analytics Server
Description: Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, does not adequately filter user-controlled input for special elements with control implications and allows certain web services to set property values that contain Spring templates, which are interpreted downstream.
Impact: When the vulnerability is leveraged, the attacker can inject Spring templates into properties files, allowing for arbitrary command execution.
Source: CVE-43769
Max Severity: High
CVSS Score: 8.8
Mitigation: It is recommended you upgrade to the latest Hitachi Vantara Pentaho version 9.4 release with Service Pack 9.4.0.1. For version 9.3 we recommend updating to Service Packs 9.3.0.2 or above where this vulnerability is addressed.
Vendor/Product: Progress WhatsUp Gold
Description: WhatsUp Gold GetFileWithoutZip Directory Traversal Remote Code Execution Vulnerability. WhatsUp Gold versions released before 2023.1.3 contain an unauthenticated remote code execution vulnerability in Progress WhatsUp Gold.
Impact: The WhatsUp.ExportUtilities.Export.GetFileWithoutZip method allows execution of commands with iisapppool\nmconsole privileges.
Source: CVE-2024-4885
Max Severity: Critical
CVSS Score: 9.8
Mitigation: To best protect your environment(s), please immediately upgrade your system(s) to the latest version of WhatsUp Gold, 23.1.3, released May 24, 2024. This version includes the critical security fixes necessary to address these vulnerabilities.