CISA has issued a warning about ongoing attacks targeting vulnerabilities in Cisco RV routers, Hitachi Vantara, WhatsUp Gold, and Windows. Some of these vulnerabilities are over seven years old, and patches for them are available. IT administrators are urged to check for vulnerable systems and devices that may have gone undetected.
Affected: Cisco RV routers, Hitachi Vantara, WhatsUp Gold, Windows
Key points:
- CISA warns of active attacks on vulnerabilities in Cisco RV routers, Hitachi Vantara, WhatsUp Gold, and Windows.
- Some vulnerabilities are over seven years old; updates to fix them are available.
- Attackers can execute arbitrary commands on Cisco RV routers via the web interface (CVE-2023-20118).
- Hitachi Vantara has two vulnerabilities being exploited, one allowing authorization bypass (CVE-2022-43939) and another for injecting malicious Spring templates (CVE-2022-43769).
- The oldest attack targets the Win32k component of Windows, allowing privilege escalation (CVE-2018-8639).
- WhatsUp Gold had a previously patched critical directory traversal vulnerability (CVE-2024-4885) that allowed unauthorized code execution.
- CISA does not specify the nature or scale of the ongoing attacks.
- IT administrators are advised to update vulnerable software and investigate for potential breaches.
MITRE Techniques:
- T1203 – Exploit Public-Facing Application: Exploited vulnerabilities in Cisco RV Routers and WhatsUp Gold.
- T1190 – Exploit Vulnerability in Client Application: Attacking authorization bypass in Hitachi Vantara.
- T1202 – Indirect Command Execution: Arbitrary commands executed by attackers on Cisco RV routers.
- T1068 – Execution with Unnecessary Privileges: Privilege escalation allowed through CVE-2018-8639.
- T1070 – Indicators of Exfiltration: Code execution vulnerabilities were exploited to potentially exfiltrate data or control systems.
Indicators of Compromise:
- [CVE ID] CVE-2023-20118
- [CVE ID] CVE-2022-43939
- [CVE ID] CVE-2022-43769
- [CVE ID] CVE-2018-8639
- [CVE ID] CVE-2024-4885