Summary: CISA has alerted US federal agencies to vulnerabilities in Cisco and Windows systems that are being actively exploited. These include a command execution flaw in certain Cisco VPN routers and a Windows privilege escalation vulnerability, both posing significant cyber risks. Agencies are mandated to secure their systems against these threats by March 23.
Affected: US Federal Agencies
Keypoints :
- CISA has warned about vulnerabilities CVE-2023-20118 and CVE-2018-8639 being actively exploited.
- CVE-2023-20118 allows attackers to execute commands on specific Cisco VPN routers if valid admin credentials are obtained.
- CVE-2018-8639 is a privilege escalation flaw in Windows systems that can be exploited by local attackers to gain control.
- Federal agencies have a three-week deadline to secure their networks from these vulnerabilities as per BOD 22-01.
- Microsoft and Cisco have not updated their advisories following CISAβs warnings.