CISA warns U.S. federal agencies to secure systems against actively exploited vulnerabilities in Cisco and Windows devices, urging immediate patching to protect against potential cyberattacks.

Continue reading
The Cybersecurity and Infrastructure Security Agency (CISA) has warned U.S. federal agencies regarding vulnerabilities in Cisco and Windows systems that are being actively exploited in the wild. The vulnerabilities, tracked as CVE-2023-20118 and CVE-2018-8639, pose significant risks to federal systems and require immediate attention.
The first vulnerability, CVE-2023-20118, affects multiple Cisco Small Business VPN routers, including models RV016, RV042, RV042G, RV082, RV320, and RV325. This flaw allows attackers to execute arbitrary commands on the affected routers. While administrative credentials are required to exploit the flaw, attackers can bypass authentication using CVE-2023-20025, which grants root privileges.
Impact: The vulnerability exposes organizations to the risk of unauthorized control over critical network infrastructure, potentially leading to further attacks within the internal network.
Mitigation: Cisco has issued advisories recommending that affected organizations upgrade to the latest firmware versions. It is also advised to restrict access to router management interfaces and monitor device logs for unusual activity.
The second vulnerability, CVE-2018-8639, is a local privilege escalation (LPE) flaw in the Windows Win32k component. Local attackers can exploit this bug to execute arbitrary code in kernel mode, allowing them to gain full control over a target system. The flaw affects both client and server versions of Windows, including Windows 7 and later, and Windows Server 2008 and up.
Impact: Successful exploitation can lead to significant data manipulation, creating rogue user accounts, and, ultimately, full system compromise.
Mitigation: Microsoft has already released security updates addressing this issue, and organizations are urged to apply the patches immediately. Furthermore, users should follow least-privilege principles and regularly audit local accounts for suspicious activity.
In response to the active exploitation of these vulnerabilities, CISA has added CVE-2023-20118 and CVE-2018-8639 to its Known Exploited Vulnerabilities Catalog. The catalog highlights vulnerabilities that have been actively exploited in attacks, necessitating urgent attention from organizations.
Under the Binding Operational Directive (BOD) 22-01, U.S. Federal Civilian Executive Branch (FCEB) agencies have until 23 March to secure their networks against these vulnerabilities. This mandate applies not only to federal agencies but also serves as a reminder for all organizations to prioritize patching and securing vulnerable systems.
CISA’s warning follows previous advisories, including actively exploiting a Microsoft Outlook remote code execution (RCE) vulnerability (CVE-2024-21413), for which federal agencies were instructed to apply patches by 27 February 2025. Though this particular RCE issue is not the subject of the current warning, its mention highlights the ongoing risks posed by unpatched software.
As cyberattacks become more sophisticated and targeted, the risks posed by vulnerabilities like CVE-2023-20118 and CVE-2018-8639 are ever more significant. CISA’s warning underscores the importance of proactive cybersecurity measures, timely patching, and vigilance to defend against ongoing exploitation of critical vulnerabilities.

A publicly accessible registration portal, a misconfigured Entra tenant, and no server-side authorization checks. That was enough to reach the systems controlling live World Cup streams