Feds add Windows, router vulnerabilities to actively exploited list

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has just added new vulnerabilities to its actively exploited list, as first noticed by BleepingComputer.

CISA’s additions serve as a warning to U.S. federal agencies about vulnerabilities currently being exploited in the wild.

One vulnerability being tracked, CVE-2023-20118, allows hackers to remotely “execute arbitrary commands” on certain VPN routers. These routers include Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325.

“An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface,” CISA wrote. “A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data.”

To exploit this vulnerability, an attacker would need admin credentials. However, as BleepingComputer points out, hackers could take advantage of another vulnerability, CVE-2023-20025, to bypass authentication.

Another vulnerability added by CISA is CVE-2018-8639. This bug affects a broad swath of Windows operating systems including Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, and Windows 10 Servers.

According to CISA, this vulnerability “exists in Windows when the Win32k component fails to properly handle objects in memory.” A bad actor with local access to the vulnerable system can utilize the exploit to run arbitrary code in kernel mode. BleepingComputer reports that a bad actor could use this vulnerability to “alter data or create rogue accounts with full user rights to take over vulnerable Windows devices.”

Microsoft and Cisco have not yet released their own security warning regarding these two exploits.


