CISA Adds Cisco, Hitachi, Microsoft Exploited Vulnerabilities to Catalog, Urges Remediation

Written by:
Lore Apostol
Cybersecurity & Streaming Writer

Cisco, Hitachi, Microsoft, and Progress vulnerabilities under active exploitation were added to the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog. 

The update, announced on March 3, includes critical flaws affecting widely used systems, emphasizing significant risks to federal enterprise networks and broader organizational infrastructures.

These vulnerabilities are frequent targets for cyber actors due to their widespread use and potential for exploitation, posing immediate threats to affected systems.

The updates align with Binding Operational Directive (BOD) 22-01, which requires Federal Civilian Executive Branch (FCEB) agencies to remediate vulnerabilities identified in the catalog by set deadlines. 

BOD 22-01, introduced to mitigate risks associated with exploited vulnerabilities, mandates proactive remediation to safeguard federal networks from active cyber threats.

While the directive primarily applies to FCEB agencies, CISA strongly encourages all organizations to prioritize addressing these vulnerabilities as part of their cybersecurity strategies.

CISA advises businesses and institutions to integrate regular reviews of the catalog and timely remediation efforts into their vulnerability management practices to minimize exposure to cyberattacks. The agency will continue to update the catalog as additional exploited vulnerabilities are identified.

Three new vulnerabilities affecting Mitel MiCollab and Oracle WebLogic Server were flagged under active exploitation in January: CVE-2024-41713, CVE-2024-55550, and CVE-2020-2883.


