The ????? ?????? ??????? ???????? ?? ??????U.S. Cybersecurity and Infrastructure Security Agency (CISA) has just added new exploits to its actively exploited list, as first noticed by BleepingComputer.
CISA's actions basically serve as a warning to U.S. federal agencies about vulnerabilities currently being exploited in the wild.
One exploit being tracked, CVE-2023-20118, allows hackers to remotely "execute arbitrary commands" on certain VPN routers. These routers include Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325.
"An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface," CISA wrote. "A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data."
In order to take advantage of this exploit, an attacker would need admin credentials. However, as BleepingComputer points out, hackers could take advantage of another vulnerability, CVE-2023-20025, in order to bypass authentication.
Another vulnerability added by CISA is CVE-2018-8639. This bug affects a broad swath of Windows operating systems including Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, and Windows 10 Servers.
According to CISA, this vulnerability "exists in Windows when the Win32k component fails to properly handle objects in memory." A bad actor with local access to the vulnerable system can utilize the exploit to run arbitrary code in kernel mode. BleepingComputer reports that a bad actor could use this vulnerability to "alter data or create rogue accounts with full user rights to take over vulnerable Windows devices."
Microsoft and Cisco have not yet released their own security warning regarding these two exploits.
Topics Cybersecurity
‘Looking After Minidoka’: Three Generations of JA Life
AI Agents Explained: The Next Evolution in Artificial Intelligence
JD logistics hires full
Wordle today: The answer and hints for June 27, 2025
paiN defeat Grayhound to qualify for EPL playoffs
Shop the early Prime Day deals on tablets from Apple, Lenovo, and more
Sick, Sad World
Best TV deal: Save 34% on the Insignia 70
42nd Bunka
Save on Kindle bundles ahead of Prime Day 2025
‘Untold Story’ to Be Screened at JANM, Manzanar NHS
Invisible Crisis
Meituan CEO cuts stake in Li Auto amid food delivery price war in China · TechNode
Don't Buy a GPU Now: Wait for Next
Kusatsu Elected President of SAG
This weird planet sports a giant tail like a comet
Much of what lies on the seafloor remains a mystery. NASA is fixing that.
Best early Prime Day Samsung Galaxy deals: Shop Galaxy Buds, Galaxy Tabs, and more
Book on Internment Nominated for YALSA Award
NASA spacecraft zooms by strange asteroid, beams back images
Meeting the Moment in PhiladelphiaGiants vs. Seahawks 2024 livestream: How to watch NFL for freeThe stunning survival story of fat Bear 503Sophie KempGoing Beyond the LawDeath by VideoFresh HellEarly Prime Day deals on noiseShop early soundbar deals for October Prime DayBest early October Prime Day tablet deals: New Amazon Fire HD 8 debuts at 45% off Understanding Machine Code vs. Bytecode What Are Chiplets and Why They Are So Important for the Future of Processors Schumer’s Warning What cracked the Milky Way's giant cosmic bone? Scientists think they know. Save on Kindle bundles ahead of Prime Day 2025 AMD FSR 4 vs Nvidia DLSS 4 at 4K AI Agents Explained: The Next Evolution in Artificial Intelligence Walmart+ members can buy the Switch 2 tonight: Get the details Best early Prime Day Samsung Galaxy deals: Shop Galaxy Buds, Galaxy Tabs, and more Wordle today: The answer and hints for June 27, 2025
0.1431s , 9991.8515625 kb
Copyright © 2025 Powered by 【????? ?????? ??????? ???????? ?? ??????】Feds add Windows, router vulnerabilities to actively exploited list,Global Hot Topic Analysis
