Urgent Warning: Ongoing Attacks Target Cisco Routers, WhatsUp Gold, and Windows Vulnerabilities

Tue 4th Mar, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding active cyberattacks exploiting vulnerabilities in Cisco RV routers, Hitachi Vantara Pentaho, WhatsUp Gold, and various Windows versions. Some of these security flaws have been present for up to seven years, and patches are available. IT professionals are urged to assess their network environments for potentially vulnerable installations or devices that may have gone undetected.

CISA's warning identifies five specific security vulnerabilities that are currently under active attack. One of the most concerning affects Cisco's RV series of small business routers. Until a patch was released in April 2023, an issue in the web-based management interface allowed authenticated attackers to execute arbitrary commands over the network simply by sending carefully crafted HTTP packets (CVE-2023-20118, CVSS 6.5, Medium risk).

Additionally, attackers are targeting two vulnerabilities in Hitachi Vantara's Pentaho Business Analytics Server. One flaw enables authentication bypass (CVE-2022-43939, CVSS 8.6, High risk), while the second allows the injection of special elements, specifically Spring templates (CVE-2022-43769, CVSS 8.8, High risk). Both vulnerabilities were reported in April 2023.

The oldest vulnerability currently being exploited relates to the Win32k component of Windows, which permits privilege escalation within the system (CVE-2018-8639, CVSS 7.8, High risk). This flaw affects Windows versions up to Windows 10 and Windows Server 2019. Furthermore, the WhatsUp Gold software from Progress had a critical directory traversal vulnerability, allowing attackers to inject and execute arbitrary code without prior authentication (CVE-2024-4885, CVSS 9.8, Critical risk). This vulnerability was patched by the vendor in mid-2024.

While CISA has not disclosed the specifics of the attacks or their scale, administrators of affected software are strongly advised to verify whether they are still utilizing vulnerable versions. Immediate updates and thorough investigations for potential breaches are highly recommended.

In recent weeks, CISA has also alerted organizations about attacks targeting the Microsoft Partner Center and Zimbra Groupware, highlighting a troubling trend where malicious actors are increasingly targeting well-known platforms. Just a day prior to the current alert, the agency provided warnings regarding ongoing attacks on Adobe ColdFusion and Oracle Agile PLM.

