Attacks on security vulnerabilities in Cisco RV routers, WhatsUp Gold and Windows
CISA warns of ongoing attacks on vulnerabilities in Cisco RV routers, Hitachi Vantara, WhatsUp Gold and Windows.
The US IT security authority warns of observed attacks on vulnerabilities in Cisco RV routers, Hitachi Vantara, WhatsUp Gold and Windows. Some of the vulnerabilities are already seven years old, and updates that close them are available. IT managers should check whether potentially vulnerable installations or devices have gone unnoticed in the network environments they manage.
In the CISA warning, the authority names five security vulnerabilities that it knows to be under active attack. Until an update in April 2023, there was a vulnerability in the web-based management interface of Cisco's RV series small business routers that allowed authenticated attackers to execute arbitrary commands from the network by sending carefully crafted HTTP packets (CVE-2023-20118, CVSS 6.5, risk “medium”).
Three other attacked products
In Hitachi Vantara's Pentaho BA Server, criminals are attacking two vulnerabilities. One allows authorization to be bypassed (CVE-2022-43939, CVSS 8.6, risk “high”); the other allows the injection of “special elements”, more precisely Spring templates (CVE-2022-43769, CVSS 8.8, risk “high”). These vulnerabilities were also reported in April 2023.
The oldest vulnerability currently under attack affects the Win32k component of Windows and enables privilege escalation on the system (CVE-2018-8639, CVSS 7.8, risk “high”). Windows versions up to Windows 10 and Windows Server 2019 were affected. In WhatsUp Gold from Progress, the manufacturer patched a security vulnerability in the middle of last year: a directory traversal vulnerability that allowed attackers to inject and execute arbitrary code without prior login (CVE-2024-4885, CVSS 9.8, risk “critical”).
CISA does not provide any information on what the attacks look like or on what scale they are taking place. However, admins should check whether they still have the vulnerable software in use, update it and examine it for signs of intrusion.
Last week, the US authority CISA had to warn of attacks on the Microsoft Partner Center and the groupware Zimbra, which were targeted by malicious actors. Just one day before that, CISA issued warnings about ongoing attacks on Adobe ColdFusion and Oracle Agile PLM.
(dmk)