Vulnerability Management

Several Flaws Added To CISA’s KEV List


The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to include five security issues impacting Progress WhatsUp Gold, Cisco Small Business RV routers, Hitachi Vantara Pentaho BA servers, and Microsoft Windows Win32k, which CISA said federal agencies should address by Mar. 24, according to Security Affairs.

The most recently discovered of the newly added flaws is the critical Progress WhatsUp Gold path traversal bug, tracked as CVE-2024-4885, which attackers could leverage to facilitate remote code execution (RCE) without authentication.

The medium-severity Cisco Small Business router flaw, tracked as CVE-2023-20118, which will no longer be fixed by Cisco, could be exploited to allow arbitrary command execution or authentication evasion.

As for the other bugs, Windows Win32k is affected by an improper resource shutdown or release flaw, tracked as CVE-2018-8639, while Hitachi Vantara Pentaho BA servers are impacted by a special element injection bug, tracked as CVE-2022-43769, and an authorization bypass vulnerability, tracked as CVE-2022-43939.
