The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog:
This week, Fortinet addressed a critical flaw in FortiOS, tracked as CVE-2024-23113 (CVSS score 9.8). The issue is a format string vulnerability in Fortinet’s FortiOS, FortiPAM, FortiProxy, and FortiWeb products; a remote, unauthenticated attacker can exploit the flaw to execute arbitrary code or commands through crafted requests.
“A use of externally-controlled format string vulnerability [CWE-134] in FortiOS fgfmd daemon may allow a remote unauthentified attacker to execute arbitrary code or commands via specially crafted requests,” reads the advisory.
Fortinet initially declared that it was not aware of attacks in the wild exploiting this flaw.
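To show what the CWE-134 weakness cited in the advisory looks like in code and how it is avoided, here is an added example in C. It is not Fortinet's code and says nothing about fgfmd's internals (the advisory does not describe them); the logging wrapper, the function names and the sample message are all constructed for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical logging wrapper of the kind a network daemon might have.
 * Constructed for this example; not from any Fortinet product. */
int emit_log(char *out, size_t out_len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int written = vsnprintf(out, out_len, fmt, ap);
    va_end(ap);
    return written;
}

/* CWE-134 pattern: the externally controlled string is used as the format
 * string itself, so any "%x", "%s", "%n" inside it is interpreted by the
 * formatting engine instead of being treated as data. Shown for contrast;
 * the example never feeds it attacker-shaped input. */
int log_peer_message_unsafe(const char *peer_msg, char *out, size_t out_len)
{
    return emit_log(out, out_len, peer_msg);
}

/* Hardened form: the format string is a fixed literal and the peer data is
 * passed only as an argument, so directives in it are copied verbatim. */
int log_peer_message_safe(const char *peer_msg, char *out, size_t out_len)
{
    return emit_log(out, out_len, "peer said: %s", peer_msg);
}

/* Defensive check usable during code review or log triage: returns 1 if the
 * string contains a conversion directive (a '%' not escaped as "%%"). */
int contains_format_directive(const char *s)
{
    for (const char *p = s; *p; p++) {
        if (*p == '%') {
            if (p[1] == '%') { p++; continue; }   /* "%%" is a literal percent */
            return 1;
        }
    }
    return 0;
}

/* Returns 1 if the safe logger preserved a constructed message containing
 * directives exactly as data, which is the property the fix guarantees. */
int safe_logger_preserves_directives(void)
{
    char buf[128];
    const char *crafted = "hello %x %s %n";   /* constructed sample input */
    log_peer_message_safe(crafted, buf, sizeof buf);
    return strcmp(buf, "peer said: hello %x %s %n") == 0;
}

int main(void)
{
    char buf[128];
    const char *benign = "status ok";          /* constructed sample input */

    /* Both variants behave the same on input without directives ... */
    log_peer_message_unsafe(benign, buf, sizeof buf);
    printf("unsafe, benign input : %s\n", buf);
    log_peer_message_safe(benign, buf, sizeof buf);
    printf("safe,   benign input : %s\n", buf);

    /* ... but only the safe variant is well-defined once directives appear. */
    printf("directive check      : %d\n", contains_format_directive("hello %x %s %n"));
    printf("safe logger verbatim : %d\n", safe_logger_preserves_directives());
    return 0;
}
```

The useful review rule is the one the safe variant follows: every call into a printf-family function (or a wrapper around one) must receive a string literal as its format, with untrusted data appearing only in the argument list. Compiling with `-Wformat -Wformat-security` flags direct calls that violate this, and wrappers such as `emit_log` should carry `__attribute__((format(printf, 3, 4)))` so the compiler can check through them too.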
This week, Ivanti warned of three new security vulnerabilities (CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381) in its Cloud Service Appliance (CSA) that are actively exploited in attacks in the wild.
Below are the descriptions of the three vulnerabilities:
Threat actors are chaining these three vulnerabilities with the CSA zero-day CVE-2024-8963 (CVSS score of 9.4) that the software firm addressed in September.
Threat actors could exploit these vulnerabilities to carry out SQL injection attacks, execute arbitrary code via command injection, and bypass security restrictions by abusing a path traversal weakness on vulnerable CSA gateways.
“Ivanti recommends reviewing the CSA for modified or newly added administrative users. While inconsistent, some attempts may show up in the broker logs which are local to the system. We also recommend reviewing EDR alerts, if you have installed EDR or other security tools on your CSA. As this is an edge device, Ivanti strongly recommends using a layered approach to security and installing an EDR tool on the CSA,” concludes the advisory. “If you suspect compromise, Ivanti’s recommendation is that you rebuild your CSA with version 5.0.2.”
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts also recommend private organizations review the Catalog and address the vulnerabilities in their infrastructure.
CISA orders federal agencies to fix this vulnerability by October 30, 2024.