FlagThis

Cisco has patched a critical vulnerability in its ClamAV software. The vulnerability, identified as CVE-2025-20128, is a denial of service bug that allows attackers to shut down ClamAV scanning, thus compromising security workflows. Additionally, a privilege escalation flaw in Cisco Meeting Management REST API has been discovered, and a ‘tmiss’ meeting management flaw was also fixed. These vulnerabilities highlight the importance of keeping security software up-to-date.

A critical remote code execution vulnerability (CVE-2024-9042) in Kubernetes allows attackers to execute commands with SYSTEM privileges on all Windows nodes in a cluster. This vulnerability, specifically in the new beta logging feature ‘Log Query’, is easily exploitable, resulting in full system compromise. This highlights the danger of introducing new features without thorough security testing, impacting organizations that rely on Kubernetes. Immediate patching is vital to prevent potential unauthorized access and lateral movement within the Kubernetes environment.

Multiple vulnerabilities have been discovered in rsync, a widely used file transfer program. Six vulnerabilities have been identified, including a critical remote code execution (RCE) vulnerability (CVE-2024-12084) that allows attackers with anonymous read access to an rsync server to execute arbitrary code on the machine. Other vulnerabilities include information leaks and symlink issues. Users are advised to upgrade to rsync version 3.4.0, released on January 14th, to patch these issues and ensure system security. This highlights the importance of timely patching and update process for critical network utilities.

A critical vulnerability, CVE-2024-12856, has been discovered in Four-Faith routers, models F3x24 and F3x36, allowing for remote code execution. The vulnerability, located in the /apply.cgi endpoint, can be exploited by manipulating the adj_time_year parameter. This flaw allows attackers to gain reverse shells on vulnerable devices, potentially leading to malware installation, data theft, and significant network disruptions. Over 15,000 devices with default credentials have been identified as being at high risk, emphasizing the urgent need for remediation.

Threat actors are actively exploiting this vulnerability to gain unauthorized access. Users of Four-Faith routers are strongly advised to update their devices to the latest firmware and implement strong password policies immediately. The vulnerability poses a serious threat to industrial networks and critical infrastructure relying on these devices.