Don't ignore updates: Cisco, Fortinet, and VMware have all prevented data leaks in their products

Teacher

New vulnerability fixes are aimed at protecting data and preventing hacking.

Cisco, Fortinet, and VMware have released security updates to address a variety of vulnerabilities, including critical flaws that can be exploited to perform arbitrary actions on affected devices.

Cisco has identified three vulnerabilities in the Cisco Expressway device series: CVE-2024-20252 (CVSS score: 9.6), CVE-2024-20254 (CVSS score: 9.6), and CVE-2024-20255 (CVSS score: 8.2). The vulnerabilities allow an unauthenticated remote hacker to perform cross-site request forgery (CSRF) attacks.

The problems were identified during internal security testing and are related to insufficient CSRF protection in the web management interface, which may allow an attacker to perform actions on behalf of a user with their privilege level. In the case of administrative rights, the impact may include changing the system configuration and creating new privileged accounts. In addition, in the case of CVE-2024-20255, a hacker can overwrite the system configuration settings, which will lead to Denial of Service (DoS). Vulnerability fixes are available in Cisco Expressway Series Release versions 14.3.4 and 15.0.0.

Fortinet has released updates to address critical vulnerabilities in the FortiSIEM supervisor that can lead to arbitrary code execution. Vulnerabilities CVE-2024-23108 (CVSS score: 9.8) and CVE-2024-23109 (CVSS score: 9.8) allow remote unauthorized attackers to execute unauthorized commands via specially generated API requests.

VMware has warned of five vulnerabilities in Aria Operations for Networks (formerly known as vRealize Network Insight), including Local Privilege Escalation (LPE) and XSS (Cross Site Scripting) vulnerabilities that can allow an attacker with administrative privileges to inject malicious code or gain access to confidential information.

In light of the history of exploiting vulnerabilities related to Cisco, Fortinet, and VMware products, immediate patching is a necessary and critical step that organizations must take to address these vulnerabilities.
 