Home » Blog » CISA Adds Vulnerabilities in Adminer, Cisco IOS, GoAnywhere MFT, Libraesva ESG, and Sudo to Known Exploited Catalog

Information

CISA Adds Vulnerabilities in Adminer, Cisco IOS, GoAnywhere MFT, Libraesva ESG, and Sudo to Known Exploited Catalog

Benhcmark Administrator

21/10/2025

1 View 0

SaveSavedRemoved 0

Urgent Security Alert: CISA Adds Five Actively Exploited Flaws to Must-Patch List

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning, adding five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. This action serves as an urgent notice to all organizations: these security flaws are not theoretical threats but are actively being exploited by malicious actors in the wild.

The inclusion in the KEV catalog means that federal agencies are mandated to apply patches by a specific deadline, but the warning extends to all public and private sector organizations. Prioritizing the remediation of these vulnerabilities is essential for maintaining a strong security posture and preventing potential breaches.

Here is a breakdown of the newly added vulnerabilities and the critical actions required to mitigate them.

Cisco IOS XE Privilege Escalation Flaw (CVE-2023-20198)

A significant vulnerability in Cisco’s IOS XE software has been added, highlighting a privilege escalation flaw that attackers are leveraging. This security gap allows a remote, unauthenticated attacker to create an administrator-level account on an affected device. With this level of access, an attacker can gain full control of network infrastructure, leading to data theft, network disruption, or further infiltration into the corporate environment.

• Impact: Complete system compromise, unauthorized administrative access.
• Actionable Advice: This vulnerability was part of a major zero-day attack campaign. Organizations must apply the security updates provided by Cisco immediately to protect their network devices from takeover.

GoAnywhere MFT Authentication Bypass (CVE-2024-0204)

A critical authentication bypass vulnerability has been identified in Fortra’s GoAnywhere MFT (Managed File Transfer) solution. This flaw allows an unauthorized attacker to create a new administrative user via the administration portal. This provides a direct path for attackers to access sensitive data being managed by the MFT solution, modify system configurations, and potentially pivot to other systems on the network.

• Impact: Unauthorized creation of admin accounts, potential for significant data breaches.
• Actionable Advice: Administrators are urged to upgrade their GoAnywhere MFT instances to version 7.4.1 or later to remediate this vulnerability.

Libraesva Email Security Gateway RCE (CVE-2023-6105)

The Libraesva Email Security Gateway (ESG) is affected by a severe vulnerability that could allow for remote code execution (RCE). An attacker can exploit this flaw to run arbitrary commands on the system with the highest level of privileges (root). Because email gateways are positioned at the perimeter of a network, a compromise here can serve as a beachhead for a much wider attack on the entire organization.

• Impact: Full system compromise, potential for network-wide infiltration.
• Actionable Advice: Due to the critical nature of this flaw, applying the available patches from Libraesva is an immediate priority for all users of the ESG appliance.

Sudo Privilege Escalation Flaw (CVE-2021-3156)

A well-known but still dangerous vulnerability in the Sudo utility, a core component of Linux and other Unix-like operating systems, has been added to the KEV catalog. Nicknamed “Baron Samedit,” this heap-based buffer overflow flaw allows any local user, authenticated or not, to escalate their privileges to the root level. This effectively gives an attacker with low-level access complete control over the affected machine.

• Impact: Local privilege escalation to root, enabling full system control.
• Actionable Advice: System administrators must ensure that the Sudo package is updated on all Linux and Unix-based systems. Check with your distribution’s package manager for the latest patched version.

Adminer Server-Side Request Forgery (CVE-2021-21311)

Adminer, a popular web-based database management tool, contains a server-side request forgery (SSRF) vulnerability. Attackers can exploit this flaw to access and exfiltrate the contents of local files on the server, including sensitive configuration files, credentials, and database information. They can also scan the internal network for other vulnerable services.

• Impact: Data exfiltration, disclosure of sensitive credentials, internal network reconnaissance.
• Actionable Advice: It is crucial to update all instances of Adminer to a patched version to prevent attackers from reading sensitive files and mapping your internal network.

Your Immediate Security To-Do List

CISA’s KEV catalog is more than a list; it is an evidence-based directive on where to focus your patching efforts for maximum impact. If a vulnerability is on this list, it means your organization is actively being targeted.

Follow these steps to protect your network:

1. Identify Assets: Scan your environment to determine if you are using any of the vulnerable products listed above.
2. Prioritize Patching: Treat these vulnerabilities with the highest priority, as they pose a clear and present danger to your organization.
3. Apply Updates: Deploy the vendor-supplied patches or mitigation guidance without delay.
4. Verify and Monitor: Confirm that patches have been successfully applied and monitor your systems for any signs of unusual activity or compromise.

Source: https://securityaffairs.com/182771/security/u-s-cisa-adds-adminer-cisco-ios-fortra-goanywhere-mft-libraesva-esg-and-sudo-flaws-to-its-known-exploited-vulnerabilities-catalog.html