CISA has warned US federal agencies to secure their systems against attacks exploiting vulnerabilities in Cisco and Windows systems:
While the cybersecurity agency has tagged these flaws as actively exploited in the wild, it has yet to provide specific details regarding this malicious activity and who is behind it.
The first flaw (tracked as CVE-2023-20118) enables attackers to execute arbitrary commands on RV016, RV042, RV042G, RV082, RV320, and RV325 VPN routers. While it requires valid administrative credentials, this can still be achieved by chaining the CVE-2023-20025 authentication bypass, which provides root privileges.
Cisco says in an advisory published in January 2023 and updated one year later that its Product Security Incident Response Team (PSIRT) is aware of CVE-2023-20025 publicly available proof-of-concept exploit code.
The second security bug (CVE-2018-8639) is a Win32k elevation of privilege flaw that local attackers logged into the target system can exploit to run arbitrary code in kernel mode. Successful exploitation also allows them to alter data or create rogue accounts with full user rights to take over vulnerable Windows devices.
According to a security advisory issued by Microsoft in December 2018, this vulnerability impacts client (Windows 7 or later) and server (Windows Server 2008 and up) platforms.
Originally spotted on Schneier on Security.
(Score: 3, Interesting) by Username on Monday March 10, @01:49PM (1 child)
Eh, if they are at the terminal, you have bigger security issues than a network one. But I could see cia,fbi, deepstate just demanding access, then using the exploit to bypass kerberos.
(Score: 5, Interesting) by Username on Monday March 10, @04:46PM
Back in the nt and early xp days, just to click help on the username password domain challenge, it would open a page in an embedded ie5/6. Right click view source, opens notepad, the use notepads run prompt to open explorer.exe.