The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has raised alarms regarding five critical security vulnerabilities affecting software from prominent companies including Cisco, Hitachi Vantara, Microsoft, and Progress. These vulnerabilities have been confirmed to be actively exploited, prompting CISA to add them to its Known Exploited Vulnerabilities (KEV) catalog.

Key Takeaways

• CISA has identified five vulnerabilities in Cisco, Hitachi, Microsoft, and Progress software.

• The vulnerabilities range in severity, with CVE-2024-4885 rated at 9.8, indicating critical risk.

• Federal agencies are urged to implement mitigations by March 24, 2025.

Overview of Vulnerabilities

CISA's recent advisory highlights the following vulnerabilities:

1. CVE-2023-20118 (CVSS score: 6.5)

2. CVE-2022-43939 (CVSS score: 8.6)

3. CVE-2022-43769 (CVSS score: 8.8)

4. CVE-2018-8639 (CVSS score: 7.8)

5. CVE-2024-4885 (CVSS score: 9.8)

Active Exploitation

Recent reports indicate that some of these vulnerabilities are being actively exploited in the wild. Notably, the French cybersecurity firm Sekoia has identified that threat actors are leveraging CVE-2023-20118 to incorporate vulnerable routers into a botnet known as PolarEdge.

Additionally, the Shadowserver Foundation has reported exploitation attempts against CVE-2024-4885, with data showing malicious activity linked to IP addresses from various countries, including Hong Kong, Russia, Brazil, South Korea, and the United Kingdom.

Urgent Call to Action

In light of these findings, CISA has issued a directive for Federal Civilian Executive Branch (FCEB) agencies to apply necessary mitigations by March 24, 2025. This proactive measure aims to secure networks against potential threats stemming from these vulnerabilities.

Organizations using affected software are strongly encouraged to review their systems and apply the latest patches to mitigate risks associated with these vulnerabilities. Failure to act could expose critical infrastructure to significant security threats.

Cybersecurity is critical. BetterWorld Technology offers cutting-edge solutions to combat evolving threats while driving innovation. Protect your business with confidence—contact us today for a consultation!

Sources

• Cisco, Hitachi, Microsoft, and Progress Flaws Actively Exploited—CISA Sounds Alarm, The Hacker News.