Progress, Hitachi, and Cisco All Have Actively Exploited Software; CISA Speaks!

The Hacker News | Cyber Attack / Risk | March 4, 2025

Based on evidence of active exploitation, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five security flaws affecting software from Cisco, Hitachi Vantara, Microsoft Windows, and Progress WhatsUp Gold to its Known Exploited Vulnerabilities (KEV) catalog.

The list of vulnerabilities is as follows:

  • CVE-2023-20118 (CVSS score: 6.5) - A command injection vulnerability in the web-based management interface of Cisco Small Business RV Series routers that allows an authenticated, remote attacker to gain root-level privileges and access unauthorized data (unpatched because the routers have reached end-of-life status)
  • (CVSS score: 8.6) - A vulnerability in Hitachi Vantara Pentaho BA Server that results from unauthorized use of non-canonical URL paths (fixed in August 2024 with versions 9.3.0.2 and 9.4.0.1)
  • A special element injection vulnerability in Hitachi Vantara Pentaho BA Server that allows an attacker to inject Spring templates into properties files, allowing for arbitrary command execution (fixed in August 2024 with versions 9.3.0.2 and 9.4.0.1)
  • (CVSS score: 7.8) - An improper resource shutdown or release vulnerability in Microsoft Windows Win32k that allows for local, authenticated privilege escalation and running arbitrary code in kernel mode (fixed in December 2018)
  • (CVSS score: 9.8) - A path traversal flaw in Progress WhatsUp Gold that makes it possible for an unauthenticated attacker to execute remote code (fixed in version 2023.1.3 in June 2024)

Although there are few details about how some of the above flaws are being exploited in the wild, French security company Sekoia reported last week that threat actors were using CVE-2023-20118 to enlist vulnerable routers in a botnet called PolarEdge.

As for CVE-2024-4885, the Shadowserver Foundation reported seeing exploitation attempts against the flaw as of August 1, 2024. According to data from GreyNoise, up to eight distinct IP addresses from Hong Kong, Russia, Brazil, South Korea, and the UK are linked to malicious exploitation of the vulnerability.

In light of active exploitation, Federal Civilian Executive Branch (FCEB) organizations are urged to apply the necessary mitigations by March 24, 2025, to secure their networks.
