

Severity
High
Analysis Summary
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five security flaws affecting Cisco, Hitachi Vantara, Microsoft Windows, and Progress WhatsUp Gold to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation.
The vulnerabilities include CVE-2023-20118, a command injection flaw in Cisco Small Business RV Series routers that allows remote root access but remains unpatched due to the routers reaching end-of-life. CVE-2022-43939 is an authorization bypass in Hitachi Vantara Pentaho BA Server caused by non-canonical URL paths, while CVE-2022-43769 is a special element injection flaw in the same software, allowing arbitrary command execution. Both were fixed in August 2024. CVE-2018-8639 is a privilege escalation issue in Microsoft Windows Win32k, which was patched in December 2018. CVE-2024-4885 is a critical path traversal vulnerability in Progress WhatsUp Gold, allowing unauthenticated remote code execution, which was fixed in June 2024.
While detailed exploitation reports remain limited, a cybersecurity firm has observed attackers leveraging CVE-2023-20118 to recruit vulnerable routers into the PolarEdge botnet. Additionally, another security firm has detected exploitation attempts against CVE-2024-4885 since August 1, 2024. GreyNoise data links eight unique IP addresses from Hong Kong, Russia, Brazil, South Korea, and the UK to malicious activity exploiting this flaw.
Given ongoing exploitation, Federal Civilian Executive Branch (FCEB) agencies must apply the necessary mitigations by March 24, 2025, to secure their networks against potential attacks.
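One way to track the five KEV entries above against the March 24, 2025 due date, as an added example that is not part of the original advisory. It parses a constructed excerpt in the field layout of CISA's KEV JSON feed and joins it with constructed scanner findings; the hostnames, the finding record format, and the status labels are assumptions.

```python
import json
from datetime import date
# Constructed excerpt in the field layout of CISA's KEV JSON feed. CVE IDs and
# the due date are from the advisory; product strings are abbreviated.
KEV_JSON = """{"vulnerabilities": [
 {"cveID": "CVE-2023-20118", "vendorProject": "Cisco", "product": "Small Business RV Series", "dueDate": "2025-03-24"},
 {"cveID": "CVE-2022-43939", "vendorProject": "Hitachi Vantara", "product": "Pentaho BA Server", "dueDate": "2025-03-24"},
 {"cveID": "CVE-2022-43769", "vendorProject": "Hitachi Vantara", "product": "Pentaho BA Server", "dueDate": "2025-03-24"},
 {"cveID": "CVE-2018-8639", "vendorProject": "Microsoft", "product": "Windows Win32k", "dueDate": "2025-03-24"},
 {"cveID": "CVE-2024-4885", "vendorProject": "Progress", "product": "WhatsUp Gold", "dueDate": "2025-03-24"}
]}"""

# Constructed scanner findings; hostnames and this record format are hypothetical.
FINDINGS = [
    {"host": "rv320-branch1", "cve": "CVE-2023-20118", "patched": False, "eol": True},
    {"host": "wug-mon01", "cve": "CVE-2024-4885", "patched": False, "eol": False},
    {"host": "pentaho-bi", "cve": "CVE-2022-43769", "patched": True, "eol": False},
    {"host": "win-legacy7", "cve": "CVE-2018-8639", "patched": False, "eol": False},
    {"host": "web01", "cve": "CVE-0000-0000", "patched": False, "eol": False},  # placeholder ID
]

def load_due_dates(kev_json):
    """Map CVE ID -> remediation due date from a KEV-format document."""
    entries = json.loads(kev_json)["vulnerabilities"]
    return {e["cveID"]: date.fromisoformat(e["dueDate"]) for e in entries}

def triage(kev_json, findings, today):
    """Return (host, cve, status, days_left) rows, most urgent first."""
    due = load_due_dates(kev_json)
    rows = []
    for f in findings:
        if f["cve"] not in due:
            continue  # not a KEV entry: left to the normal patch cadence
        days_left = (due[f["cve"]] - today).days
        if f["patched"]:
            status = "remediated"
        elif f["eol"]:
            status = "replace-or-isolate"  # end-of-life device, no vendor fix
        elif days_left < 0:
            status = "overdue"
        else:
            status = "due"
        rows.append((f["host"], f["cve"], status, days_left))
    order = {"overdue": 0, "replace-or-isolate": 1, "due": 2, "remediated": 3}
    return sorted(rows, key=lambda r: (order[r[2]], r[3]))

if __name__ == "__main__":
    for row in triage(KEV_JSON, FINDINGS, date(2025, 3, 10)):
        print(*row, sep="\t")
```

End-of-life devices get their own status because, as the advisory notes for the Cisco RV routers, no patch will arrive before the due date.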
Impact
- Remote Code Execution
- Privilege Escalation
- Unauthorized Access
- Security Bypass
Indicators of Compromise
CVE
CVE-2023-20118
CVE-2022-43939
CVE-2022-43769
CVE-2018-8639
CVE-2024-4885
Remediation
- Refer to the Cisco Security Advisory for patch, upgrade, or suggested workaround information.
- Refer to the Hitachi website for patch, upgrade, or suggested workaround information.
- Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.
- Refer to the Progress website for patch, upgrade, or suggested workaround information.
- Organizations must test their assets for the vulnerabilities mentioned above and apply the available security patches or mitigation steps as soon as possible.
- Implement multi-factor authentication to add an extra layer of security to login processes.
- Regularly monitor network activity for any unusual behavior, as this may indicate that a cyberattack is underway.
- Organizations must stay vigilant and follow best practices for cybersecurity to protect their systems and data from potential threats. This includes regularly updating software and implementing strong access controls and monitoring tools.
- Develop a comprehensive incident response plan to respond effectively in case of a security breach or data leakage.
- Maintain regular backups of critical data and systems to ensure data recovery in case of a security incident.
- Adhere to security best practices, including the principle of least privilege, and ensure that users and applications have only the necessary permissions.
- Establish a robust patch management process to ensure that security patches are evaluated, tested, and applied promptly.
- Conduct security audits and assessments to evaluate the overall security posture of your systems and networks.
- Implement network segmentation to contain and isolate potential threats to limit their impact on critical systems.