U.S. CISA Adds Multiple Cisco Small Business Routers, Hitachi Vantara Pentaho BA Server, Microsoft Windows Win32k, and Progress WhatsUp Gold Flaws to Its Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added several vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, highlighting the importance of addressing these flaws in order to protect against potential cyber threats.

Cisco Small Business RV Series Routers

Cisco has identified multiple vulnerabilities in the web-based management interface of its Small Business RV Series Routers that allow an authenticated remote attacker to execute arbitrary commands because of improper input validation. Exploitation requires administrator credentials and yields root access on the device.

The affected routers include the Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 models. According to the advisory, a remote attacker could bypass authentication or execute arbitrary commands on the underlying operating system of an affected device.

Microsoft Windows Win32k

Microsoft has identified a vulnerability in the Windows Win32k component, which fails to properly handle objects in memory. This elevation-of-privilege flaw allows an attacker to run arbitrary code in kernel mode and then install programs; view, change, or delete data; or create new accounts with full user rights.

According to the advisory, an attacker would need to log on to the system and then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The update addresses this vulnerability by correcting how Win32k handles objects in memory.

Progress WhatsUp Gold

Progress has identified an unauthenticated remote code execution vulnerability in its WhatsUp Gold product, tracked as CVE-2024-4885. The flaw lies in the WhatsUp.ExportUtilities.Export.GetFileWithoutZip function and allows command execution with the privileges of the iisapppool\nmconsole account.

Hitachi Vantara Pentaho BA Server

Hitachi Vantara has also identified two vulnerabilities in its Pentaho BA Server, tracked as CVE-2022-43939 and CVE-2022-43769. The U.S. Agency for the Prevention of Crime (USAPC) has added these flaws to the KEV catalog.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, federal agencies have until March 24, 2025, to address these identified vulnerabilities and protect their networks against attacks exploiting the flaws in the catalog. Private organizations are also recommended to review the Catalog and address the vulnerabilities in their infrastructure.
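The practical step behind BOD 22-01 is to diff the KEV catalog against what you actually run and work the list by due date. The script below is an added example, not code from CISA or from this article: it parses a feed in the shape of CISA's public KEV JSON (the field names `cveID`, `vendorProject`, `product`, `dateAdded`, `dueDate` and `knownRansomwareCampaignUse` are the real feed's), matches entries against a small asset inventory, and sorts the matches so overdue and soonest-due items come first. The embedded feed is constructed for the example; the CVE ids and the March 24, 2025 due date come from the article, while the `dateAdded` values, the ransomware flags and the placeholder entry for an unaffected product are assumptions.

```python
import json
from datetime import date

# Constructed sample shaped like CISA's public KEV feed. Field names follow the real
# feed; the CVE ids and the 2025-03-24 due date are from the article, everything
# else (dateAdded, ransomware flags, the CVE-2099-0001 placeholder) is assumed.
SAMPLE_KEV_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "vulnerabilities": [
    {"cveID": "CVE-2024-4885", "vendorProject": "Progress", "product": "WhatsUp Gold",
     "dateAdded": "2025-03-03", "dueDate": "2025-03-24", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2022-43939", "vendorProject": "Hitachi Vantara", "product": "Pentaho BA Server",
     "dateAdded": "2025-03-03", "dueDate": "2025-03-24", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2022-43769", "vendorProject": "Hitachi Vantara", "product": "Pentaho BA Server",
     "dateAdded": "2025-03-03", "dueDate": "2025-03-24", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2099-0001", "vendorProject": "ExampleVendor", "product": "ExampleProduct",
     "dateAdded": "2025-01-01", "dueDate": "2025-01-22", "knownRansomwareCampaignUse": "Known"}
  ]
}
"""


def parse_kev(feed_text):
    """Parse a KEV feed and normalise the two date strings into date objects."""
    feed = json.loads(feed_text)
    entries = []
    for v in feed["vulnerabilities"]:
        entries.append({
            "cve": v["cveID"],
            "vendor": v["vendorProject"],
            "product": v["product"],
            "added": date.fromisoformat(v["dateAdded"]),
            "due": date.fromisoformat(v["dueDate"]),
            "ransomware": v.get("knownRansomwareCampaignUse", "Unknown"),
        })
    return entries


def match_inventory(entries, inventory):
    """Return the KEV entries whose vendor/product matches something in our inventory.

    inventory is an iterable of (vendor, product) strings. Vendor must match exactly
    (case-insensitive); product is matched as a case-insensitive substring, so an
    inventory line "Pentaho" matches the feed's "Pentaho BA Server".
    """
    hits = []
    for e in entries:
        for vendor, product in inventory:
            if vendor.lower() == e["vendor"].lower() and product.lower() in e["product"].lower():
                hits.append(e)
                break
    return hits


def days_until_due(entry, today):
    """Days left until the BOD 22-01 due date; negative means already overdue."""
    return (entry["due"] - today).days


def triage(feed_text, inventory, today):
    """Build a remediation worklist: overdue and soonest-due first, ties broken so
    entries with known ransomware use come ahead of the rest."""
    hits = match_inventory(parse_kev(feed_text), inventory)
    hits.sort(key=lambda e: (days_until_due(e, today), e["ransomware"] != "Known"))
    return [(e["cve"], e["vendor"], e["product"], days_until_due(e, today)) for e in hits]


if __name__ == "__main__":
    # Constructed inventory: two of the products named in the article.
    inventory = [("Progress", "WhatsUp Gold"), ("Hitachi Vantara", "Pentaho")]
    for cve, vendor, product, days in triage(SAMPLE_KEV_JSON, inventory, date(2025, 3, 10)):
        status = f"overdue by {-days}d" if days < 0 else f"{days}d left"
        print(f"{cve:16} {vendor:16} {product:20} {status}")
```

In production, replace `SAMPLE_KEV_JSON` with the downloaded feed and feed `match_inventory` from your CMDB export; the substring match on product is deliberately loose so that naming differences between the feed and your inventory produce a review item rather than a silent miss.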

Experts emphasize the importance of addressing these vulnerabilities promptly to prevent potential cyber threats. CISA has ordered federal agencies to fix these vulnerabilities by March 24, 2025.