CISA Adds New Critical Vulnerabilities to Known Exploited Vulnerabilities Catalog
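U.S. cybersecurity agency CISA has added five high-severity vulnerabilities to its Known Exploited Vulnerabilities catalog, affecting routers, analytics servers, operating systems, and network monitoring tools and posing serious security risks. 2025-3-4 13:16:7 Author: cyble.com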

Overview

The Cybersecurity and Infrastructure Security Agency (CISA) has recently added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, all of which are actively being exploited by malicious actors.

These vulnerabilities span multiple software platforms, and their exploitation could lead to severe security breaches, particularly for government agencies and enterprises. The new additions include injection vulnerabilities and remote code execution flaws that present cybersecurity risks to affected systems.

The five vulnerabilities added to the KEV Catalog are as follows:

  1. CVE-2023-20118 – Cisco Small Business RV Series Routers Command Injection Vulnerability
  2. CVE-2022-43939 – Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability
  3. CVE-2022-43769 – Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability
  4. CVE-2018-8639 – Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability
  5. CVE-2024-4885 – Progress WhatsUp Gold Path Traversal Vulnerability

Cybercriminals have actively targeted these vulnerabilities, which pose a significant risk to systems that have not been patched or are still running vulnerable software versions.

CVE-2023-20118: Cisco Small Business Routers Command Injection Vulnerability

Published on April 5, 2023, CVE-2023-20118 affects several Cisco Small Business RV Series Routers, including the RV016, RV042, RV042G, RV082, RV320, and RV325 models. The vulnerability exists due to improper validation of user input within incoming HTTP requests in the web-based management interface. This flaw enables an authenticated, remote attacker to execute arbitrary commands on the affected devices, potentially gaining root-level privileges and unauthorized access to sensitive data.

Although Cisco has acknowledged this vulnerability, the company has chosen not to release patches for the affected routers. Administrators are advised to assess whether their devices are affected and, if so, consider upgrading to newer models or implementing network segmentation to mitigate potential exploitation.

CVE-2022-43939: Hitachi Vantara Pentaho BA Server Authorization Bypass

The CVE-2022-43939 vulnerability, identified in the Hitachi Vantara Pentaho Business Analytics (BA) Server, affects versions prior to 9.4.0.1 and 9.3.0.2, including 8.3.x. This vulnerability allows attackers to bypass security restrictions by exploiting non-canonical URLs used for authorization decisions. As a result, attackers can gain unauthorized access to protected resources, significantly jeopardizing the confidentiality of sensitive data.

Published on April 3, 2023, this high-severity flaw has been addressed in more recent versions of the Pentaho BA Server. Affected organizations are strongly encouraged to update their systems to the latest available versions to close the security gap.
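
The non-canonical URL problem behind CVE-2022-43939 can be illustrated with a short added example (not code from Pentaho or from the original article; the /admin policy root, the function names and the sample paths are hypothetical and constructed). It assumes a backend that percent-decodes paths, collapses duplicate slashes and resolves dot segments, and it lists the raw request paths for which a policy check on the raw string and one on the canonical form disagree.

```python
import posixpath
import re
from urllib.parse import unquote

# Hypothetical policy: these roots require an administrator session.
PROTECTED_ROOTS = ("/admin",)


def is_protected(path: str) -> bool:
    """Policy match: the root itself or anything beneath it."""
    return any(path == r or path.startswith(r + "/") for r in PROTECTED_ROOTS)


def canonicalize(raw_path: str) -> str:
    """Reduce a request path to one canonical form before any policy check."""
    path = raw_path
    for _ in range(5):  # decode until stable so double encoding cannot survive
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        raise ValueError("path still changing after 5 decoding passes")
    if "\x00" in path or "\\" in path:
        raise ValueError("NUL or backslash in path")
    path = re.sub(r"/+", "/", path)   # collapse duplicate slashes
    return posixpath.normpath(path)   # resolve "." and ".." segments


def policy_mismatches(raw_paths):
    """Raw paths that a raw-string check would allow but the canonical check protects."""
    flagged = []
    for raw in raw_paths:
        try:
            canonical = canonicalize(raw)
        except ValueError:
            flagged.append(raw)       # input that cannot be canonicalized is flagged
            continue
        if is_protected(canonical) and not is_protected(raw):
            flagged.append(raw)
    return flagged


# Constructed request paths, as they might appear in an access log.
SAMPLE_PATHS = [
    "/admin/users",
    "/public/report",
    "/public/../admin/users",
    "/public/%2e%2e/admin/users",
    "//admin/users",
    "/public/%252e%252e/admin/users",
]
```

An authorization layer that calls `canonicalize` first and then applies `is_protected` makes its decision on the same path the resource resolver will use; `policy_mismatches` can also be run over logged request paths to surface requests worth reviewing.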

CVE-2022-43769: Special Element Injection in Hitachi Vantara Pentaho BA Server

Another critical vulnerability in the Hitachi Vantara Pentaho BA Server is CVE-2022-43769, which stems from the failure to properly sanitize special elements within the server. This special element injection vulnerability allows attackers to insert malicious Spring templates into property values, which are then processed by the server and potentially exploited for code execution.

With a CVSS score of 8.8, this vulnerability presents a severe risk to organizations using affected versions of the Pentaho BA Server. The flaw was disclosed on April 3, 2023, and updated guidance to mitigate the risk was provided in subsequent releases. As with CVE-2022-43939, administrators are urged to patch their systems promptly.

CVE-2018-8639: Microsoft Windows Win32k Improper Resource Shutdown

CVE-2018-8639 is an elevation of privilege vulnerability found in Microsoft’s Win32k component, which handles the management of objects in memory. The flaw arises due to improper resource shutdown or release and affects multiple versions of Windows, including Windows 7, Windows 10, and Windows Server editions. This vulnerability enables attackers to gain elevated system privileges, potentially allowing them to execute arbitrary code or install malware on the system.

Though CVE-2018-8639 was first published on December 12, 2018, it continues to pose a risk to legacy systems and those that have not been patched with the necessary updates. Organizations are advised to regularly update their Windows environments to mitigate the risks posed by this vulnerability.

CVE-2024-4885: Progress WhatsUp Gold Path Traversal Vulnerability

The latest addition to the KEV Catalog is CVE-2024-4885, which affects Progress WhatsUp Gold, a network monitoring software. This path traversal vulnerability allows unauthenticated attackers to execute remote code on the affected system. By exploiting the flaw, an attacker could traverse restricted directories and execute commands with system privileges, leading to potential system compromise.

Discovered on June 25, 2024, CVE-2024-4885 has been assigned a critical CVSS score of 9.8, indicating the severity of the vulnerability. To secure their systems, affected users are strongly recommended to upgrade to WhatsUp Gold version 2023.1.3 or later.

Best Practices for Mitigating Vulnerabilities

Organizations looking to protect themselves from these and other known exploited vulnerabilities should adopt several best practices:

  1. Apply software and firmware updates from vendors as soon as they become available. Vendors like Cisco and Microsoft often provide patches to address known vulnerabilities, but prompt implementation is crucial.
  2. Segment the network. Dividing a network into isolated segments limits the exposure of critical assets and reduces the attack surface available to attackers. This can be especially useful for mitigating vulnerabilities like CVE-2023-20118 in Cisco routers.
  3. Conduct routine vulnerability assessments and penetration testing (VAPT) to identify and address security gaps. Regular audits can help identify injection vulnerabilities, such as CVE-2022-43769, before they are exploited.
  4. Implement advanced security monitoring tools, such as SIEM (Security Information and Event Management) systems, to detect unusual activity and potential exploitation of known vulnerabilities. These tools can help identify suspicious behavior related to vulnerabilities like CVE-2022-43939.
  5. Stay informed about zero-day vulnerabilities and exploits, as threat actors are constantly looking for new attack vectors. A comprehensive threat intelligence service can help organizations stay protected from cyber threats.

Conclusion

The addition of CVE-2023-20118, CVE-2022-43939, CVE-2022-43769, CVE-2018-8639, and CVE-2024-4885 to the CISA Known Exploited Vulnerabilities Catalog highlights the increasing need for organizations to be vigilant about patching known vulnerabilities. These vulnerabilities affect routers, analytics servers, operating systems, and network monitoring tools.

By staying current with patches, implementing security measures, and regularly testing systems for weaknesses, organizations can reduce the risk of exploitation. Moreover, focusing on vulnerabilities with active exploitation, such as CVE-2023-20118 and CVE-2024-4885, ensures that organizations prioritize the protection of their most critical assets.



Source: https://cyble.com/blog/cisa-adds-new-exploited-vulnerabilities-to-catalog/