The US National Security Agency issues advisory warning that Russian threat actors are exploiting a recently disclosed vulnerability to install malware on corporate systems and access protected data. The vulnerability was originally given a CVSS score of 9.1 out of a maximum of 10 but was revised last week to 7.2 to reflect the fact that a malicious actor must possess valid credentials for the configurator admin account in order to try to exploit the bug. The agency also recommends that organizations update affected systems to the latest version of the software update.
Source: https://thehackernews.com/2020/12/nsa-warns-russian-hacker-exploiting.html