Wed Mar 05 2025

Authorities include Windows and router vulnerabilities in the list of actively exploited threats.

Bad actors are using these vulnerabilities as weapons.

The United States Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its list of actively exploited vulnerabilities, in a move aimed at alerting federal agencies about threats currently affecting systems. One of the most notable entries is CVE-2023-20118, which allows hackers to execute commands remotely on certain VPN routers. The affected models are the Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325. According to CISA, an attacker could exploit this vulnerability by sending a specially crafted HTTP request to the web-based management interface. If the attack is successful, the intruder could obtain root-level privileges and access data without authorization.

To exploit this vulnerability, the attacker would require administrator credentials. However, as noted, hackers could bypass this authentication through another vulnerability, CVE-2023-20025.

Additionally, CISA has added CVE-2018-8639 to its list. This vulnerability affects a wide range of Windows operating systems, such as Windows 7, Windows Server 2012 R2, Windows RT 8.1, and more recent versions up to Windows 10 and Windows 10 Servers. CISA indicates that the flaw originates in the Win32k component of Windows, which does not properly handle objects in memory. An attacker with local access to a vulnerable system could use this vulnerability to execute arbitrary code in kernel mode. It has been reported that a malicious actor could exploit this flaw to alter data or create fake accounts with full user rights, enabling control over vulnerable Windows devices.

So far, neither Microsoft nor Cisco has issued security advisories related to these two exploits.