
Critical vulnerabilities in Fortinet and Ivanti compromise U.S. security

Man
Federal agencies have been given strict deadlines to eliminate cyber threats.

The U.S. Cyber Security Agency (CISA) has added three security flaws to its Catalog of Exploitable Vulnerabilities (KEVs) based on evidence of their active exploitation by attackers. The list includes vulnerabilities in Fortinet and Ivanti products that pose a serious threat to federal networks.

The Fortinet vulnerability with the identifier CVE-2024-23113 (CVSS score: 9.8) affects FortiOS, FortiPAM, FortiProxy, and FortiWeb, allowing a remote attacker to execute arbitrary code through specially crafted requests.

The Ivanti vulnerability, tracked as CVE-2024-9379 (CVSS rating: 6.5), allows a remote attacker with administrator privileges to execute arbitrary SQL queries through the Ivanti CSA Web Admin Console. At the same time, the CVE-2024-9380 vulnerability (CVSS rating: 7.2) in the same Ivanti product is related to the injection of operating system commands, which allows a remote attacker to gain access to code execution on the affected system through the same web console.

Patches for all three vulnerabilities have already been released by the affected vendors. US federal agencies are required to eliminate them in their systems by October 30, 2024, to ensure maximum security.

At the same time, Palo Alto Networks reported many vulnerabilities in its Expedition tool that allow an attacker to gain access to the database, device configurations, and other critical data. The most serious of these is CVE-2024-9463 (score: 9.9), which allows unauthenticated users to execute commands as root.

Another critical threat is CVE-2024-9464 (score: 9.3). In terms of impact, it is similar to the previous error, but it already requires authorization, which slightly reduces its danger. Palo Alto thanked the researchers for their help in identifying the issues, while stressing that there is no evidence that these vulnerabilities have been exploited in real-world attacks.

In addition, Cisco fixed a critical vulnerability in the Nexus Dashboard Fabric (NDFC) that allowed attackers to execute commands with network administrator privileges. CVE-2024-20432 (score: 9.9) was fixed in the updated version of NDFC 12.2.2.

Experts recommend that users limit access to vulnerable systems and monitor the timely application of security updates to prevent possible attacks.
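Tracking CISA due dates against one's own inventory is the practical side of the advice above. The following is an added example, not code from the original post or from CISA: it loads a constructed excerpt written in the shape of CISA's public KEV JSON feed (only the three CVE ids and the October 30, 2024 due date named in the post are taken from the text; the vendor, product and action strings are filled in by hand), matches it against a constructed host inventory whose open CVEs are assumed to come from a vulnerability scanner, and reports which hosts still carry a KEV-listed flaw and how many days remain before the deadline. Hostnames and the placeholder CVE-2024-0000 are invented.

```python
import json
from datetime import date

# Constructed excerpt in the shape of CISA's KEV JSON feed. The real feed is
# larger and carries more fields; CVE ids and dueDate come from the post above.
KEV_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed excerpt)",
  "vulnerabilities": [
    {"cveID": "CVE-2024-23113", "vendorProject": "Fortinet",
     "product": "FortiOS, FortiPAM, FortiProxy, FortiWeb",
     "requiredAction": "Apply mitigations per vendor instructions",
     "dueDate": "2024-10-30"},
    {"cveID": "CVE-2024-9379", "vendorProject": "Ivanti",
     "product": "Cloud Services Appliance (CSA)",
     "requiredAction": "Apply mitigations per vendor instructions",
     "dueDate": "2024-10-30"},
    {"cveID": "CVE-2024-9380", "vendorProject": "Ivanti",
     "product": "Cloud Services Appliance (CSA)",
     "requiredAction": "Apply mitigations per vendor instructions",
     "dueDate": "2024-10-30"}
  ]
}
"""

# Constructed inventory: hostnames are invented, open_cves is assumed to be the
# output of a vulnerability scanner run against each host.
INVENTORY = [
    {"host": "fw-edge-01", "vendor": "Fortinet", "open_cves": ["CVE-2024-23113"]},
    {"host": "csa-mgmt-01", "vendor": "Ivanti", "open_cves": ["CVE-2024-9379", "CVE-2024-9380"]},
    {"host": "csa-mgmt-02", "vendor": "Ivanti", "open_cves": []},            # already patched
    {"host": "web-app-07", "vendor": "Acme", "open_cves": ["CVE-2024-0000"]},  # placeholder id, not in KEV
]


def load_kev(json_text):
    """Index KEV entries by CVE id and parse each dueDate into a date object."""
    catalog = json.loads(json_text)
    kev = {}
    for entry in catalog["vulnerabilities"]:
        kev[entry["cveID"]] = {
            "vendor": entry["vendorProject"],
            "product": entry["product"],
            "action": entry["requiredAction"],
            "due": date.fromisoformat(entry["dueDate"]),
        }
    return kev


def triage(kev, inventory, today):
    """Return one finding per (host, KEV-listed CVE) that is still open.

    Findings are sorted most urgent first; a negative days_left means the
    CISA due date has already passed. CVEs absent from the catalog are left
    to the normal patch cadence and produce no finding here.
    """
    findings = []
    for asset in inventory:
        for cve in asset["open_cves"]:
            entry = kev.get(cve)
            if entry is None:
                continue
            findings.append({
                "host": asset["host"],
                "cve": cve,
                "vendor": entry["vendor"],
                "due": entry["due"].isoformat(),
                "days_left": (entry["due"] - today).days,
                "overdue": today > entry["due"],
            })
    findings.sort(key=lambda f: (f["days_left"], f["host"], f["cve"]))
    return findings


def overdue_hosts(findings):
    """Distinct hosts with at least one KEV-listed CVE past its due date."""
    return sorted({f["host"] for f in findings if f["overdue"]})


if __name__ == "__main__":
    kev = load_kev(KEV_JSON)
    for f in triage(kev, INVENTORY, date.today()):
        flag = "OVERDUE" if f["overdue"] else f"{f['days_left']}d left"
        print(f"{f['host']:<12} {f['cve']:<16} {f['vendor']:<9} due {f['due']}  {flag}")
```

Swapping the embedded excerpt for the live feed means replacing `KEV_JSON` with the downloaded catalog text; the indexing and matching logic does not change, and the same inventory file can be re-run daily so that a host quietly slipping past its due date shows up at the top of the list.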
