The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five security vulnerabilities affecting products from Cisco, Hitachi Vantara, Microsoft, and Progress Software to its Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation by threat actors.
Expert Analysis
The addition of these vulnerabilities to CISA’s KEV catalog is yet another reminder that unpatched systems remain prime targets for cybercriminals. The fact that attackers are still exploiting a six-year-old Windows vulnerability (CVE-2018-8639) proves that outdated software continues to be a weak link, especially when organizations fail to implement patches that have been available for years.
The situation is even worse for Cisco’s RV Series routers, which have no patches at all due to their end-of-life status. The continued presence of such unmaintained devices in corporate networks is an open invitation for attackers. Organizations relying on unsupported hardware must either replace or isolate these systems immediately—security through neglect is not a viable strategy.
Meanwhile, the vulnerabilities in Hitachi’s Pentaho BA Server and Progress WhatsUp Gold illustrate how enterprise software remains a lucrative target. Unauthorized access, template injection, and path traversal vulnerabilities provide attackers with various entry points into corporate environments. These weaknesses allow for data theft, privilege escalation, and even remote code execution, making them particularly valuable to both cybercriminal groups and state-sponsored actors looking to maintain long-term access.
The takeaway is clear: patch management is not optional. Organizations that fail to update their software or retire legacy systems are not just putting their own data at risk, but also exposing entire supply chains to potential compromise.