

CISA Tags Windows, Cisco Vulnerabilities As Actively Exploited (bleepingcomputer.com)
CISA has warned U.S. federal agencies about active exploitation of vulnerabilities in Cisco VPN routers and Windows systems. "While the cybersecurity agency has tagged these flaws as actively exploited in the wild, it has yet to provide specific details regarding this malicious activity and who is behind it," adds Bleeping Computer. From the report: The first flaw (tracked as CVE-2023-20118) enables attackers to execute arbitrary commands on RV016, RV042, RV042G, RV082, RV320, and RV325 VPN routers. While it requires valid administrative credentials, this can still be achieved by chaining the CVE-2023-20025 authentication bypass, which provides root privileges. Cisco says in an advisory published in January 2023 and updated one year later that its Product Security Incident Response Team (PSIRT) is aware of CVE-2023-20025 publicly available proof-of-concept exploit code.
The second security bug (CVE-2018-8639) is a Win32k elevation of privilege flaw that local attackers logged into the target system can exploit to run arbitrary code in kernel mode. Successful exploitation also allows them to alter data or create rogue accounts with full user rights to take over vulnerable Windows devices. According to a security advisory issued by Microsoft in December 2018, this vulnerability impacts client (Windows 7 or later) and server (Windows Server 2008 and up) platforms.
Today, CISA added the two vulnerabilities to its Known Exploited Vulnerabilities catalog, which lists security bugs the agency has tagged as exploited in attacks. As mandated by the Binding Operational Directive (BOD) 22-01 issued in November 2021, Federal Civilian Executive Branch (FCEB) agencies now have three weeks, until March 23, to secure their networks against ongoing exploitation.
Russians (Score:5, Funny)
Re: (Score:3)
Yeah, this morning I decided to delete my existing CISA email subscriptions. The fact that this president is actively interfering with their ability to report on one of the most active sources of bad activity means they basically aren't worth the time - might as well put it to better use reviewing other sources of information that aren't subject to Trump's shenanigans.
wut (Score:5, Funny)
The second security bug (CVE-2018-8639) is a Win32k elevation of privilege flaw that local attackers logged into the target system can exploit to run arbitrary code in kernel mode.
A vulnerability from 2018 actively exploited? LMAO.
Re: (Score:2)
The second security bug (CVE-2018-8639) is a Win32k elevation of privilege flaw that local attackers logged into the target system can exploit to run arbitrary code in kernel mode.
A vulnerability from 2018 actively exploited? LMAO.
A vulnerability from 2018 that is still unpatched? ROTFLMAO
I predict (Score:4, Informative)
We're going to see a lot of CISA submissions and stories over the next few weeks as those poor saps try to pretend they haven't been completely compromised by the Grifter in Chief.
Re: (Score:2)
Re: (Score:1)
Well, obviously not by Russia, indeed.
Republicans are best friends with communist dictators now.
How their supporters are apparently accepting this is ... interesting to behold.
Re: (Score:2)
They even spend their independence day vacation in Moscow https://thehill.com/homenews/s... [thehill.com]
Re: (Score:1)
Re: (Score:2)
We should just go ahead and disband it now.
Don't forget to push the allow any any before you turn out the lights.
Re: (Score:2)
Oh? So you have been getting the interdepartmental memos and have sat in on their technical discussions? Please fill us in from your vast repository of knowledge that was not filtered through the internet and the stuff that actually makes it into your eyes.
Headline got my hopes up... (Score:2)
vs
"CISA Tags (Windows, Cisco) Vulnerabilities As Actively Exploited"