Vulnerability Management, Patch/Configuration Management, Threat Intelligence

Several flaws added to CISA known exploited vulnerabilities catalog


The Cybersecurity and Infrastructure Security Agency has updated its Known Exploited Vulnerabilities catalog to include five security issues impacting Progress WhatsUp Gold, Cisco Small Business RV routers, Hitachi Vantara Pentaho BA servers, and Microsoft Windows Win32k. Federal agencies should address the flaws by Mar. 24, according to Security Affairs.

The most recently discovered of the newly added flaws is the critical Progress WhatsUp Gold path traversal bug, tracked as CVE-2024-4885, which could be leveraged to facilitate remote code execution without authentication. The medium-severity Cisco Small Business router flaw, tracked as CVE-2023-20118, which will no longer be fixed by Cisco, could be exploited to allow arbitrary command execution or authentication evasion. Meanwhile, Windows Win32k is affected by an improper resource shutdown or release flaw, tracked as CVE-2018-8639, while Hitachi Vantara Pentaho BA servers are impacted by a special element injection bug, tracked as CVE-2022-43769, and an authorization bypass vulnerability, tracked as CVE-2022-43939.
