Security News > 2025 > March > Cisco, Hitachi, Microsoft, and Progress Flaws Actively Exploited—CISA Sounds Alarm
2025-03-04 04:39
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting software from Cisco, Hitachi Vantara, Microsoft Windows, and Progress WhatsUp Gold to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2023-20118 (CVSS score: 6.5) - A command injection
News URL
https://thehackernews.com/2025/03/cisco-hitachi-microsoft-and-progress.html
Related news
- CISA shares guidance for Microsoft expanded logging capabilities (source)
- CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks (source)
- CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation (source)
- CISA tags Windows, Cisco vulnerabilities as actively exploited (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-13 | CVE-2023-20118 | Improper Input Validation vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. | 7.2 |