CISA Flags Actively Exploited Vulnerabilities in Cisco, Microsoft, and Hitachi Software
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five newly identified security flaws affecting Cisco, Hitachi Vantara, Microsoft Windows, and Progress WhatsUp Gold to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation in the wild.

List of Newly Added Vulnerabilities:
- CVE-2023-20118 (CVSS 6.5) – A command injection flaw in Cisco Small Business RV Series routers, enabling authenticated remote attackers to gain root access and retrieve unauthorized data. (No patch available as these routers are end-of-life.)
- CVE-2022-43939 (CVSS 8.6) – An authorization bypass flaw in Hitachi Vantara Pentaho BA Server, caused by improper handling of non-canonical URL paths. (Fixed in August 2024 in versions 9.3.0.2 and 9.4.0.1.)
- CVE-2022-43769 (CVSS 8.8) – A special element injection flaw in Hitachi Vantara Pentaho BA Server, allowing attackers to inject Spring templates and execute arbitrary commands. (Fixed in August 2024.)
- CVE-2018-8639 (CVSS 7.8) – An improper resource release flaw in Microsoft Windows Win32k, enabling local privilege escalation and arbitrary code execution in kernel mode. (Fixed in December 2018.)
- CVE-2024-4885 (CVSS 9.8) – A path traversal vulnerability in Progress WhatsUp Gold, allowing unauthenticated remote code execution. (Fixed in June 2024 with version 2023.1.3.)
Emerging Exploits in the Wild
While specific details on exploitation remain scarce, cybersecurity firms have observed active attacks leveraging some of these vulnerabilities:
- CVE-2023-20118 has been exploited to recruit vulnerable routers into the PolarEdge botnet, according to French cybersecurity firm Sekoia.
- CVE-2024-4885 has been actively targeted since August 2024, with Shadowserver Foundation and GreyNoise tracking exploitation attempts from Hong Kong, Russia, Brazil, South Korea, and the UK.
Mitigation Urged for Federal Agencies
In response to ongoing threats, Federal Civilian Executive Branch (FCEB) agencies must implement necessary mitigations by March 24, 2025, to protect their networks from potential compromise.