Friday, November 1, 2024
HomeCVE/vulnerabilityCISA Warns of Fortinet & Ivanti Vulnerabilities Exploited in Attacks

CISA Warns of Fortinet & Ivanti Vulnerabilities Exploited in Attacks

Published on

Malware protection

The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities Catalog, adding critical vulnerabilities from Fortinet and Ivanti.

These vulnerabilities are actively exploited in the wild, posing significant risks to organizations worldwide. CISA urges immediate action to mitigate potential threats.

Fortinet Multiple Products Format String Vulnerability – CVE-2024-23113

Fortinet’s suite of products, including FortiOS, FortiPAM, FortiProxy, and FortiWeb, has been found to contain a format string vulnerability identified as CVE-2024-23113.

- Advertisement - SIEM as a Service

This flaw allows remote, unauthenticated attackers to execute arbitrary code or commands by sending specially crafted requests.

Although there is no confirmed evidence that this vulnerability is being used in ransomware campaigns, the potential for exploitation remains high due to the flaw’s critical nature.

CISA advises organizations using these Fortinet products to apply mitigations as per vendor instructions or discontinue use if no mitigations are available. The deadline for addressing this vulnerability is set for October 30, 2024.

Analyse Any Suspicious Links Using ANY.RUN’s New Safe Browsing Tool: Try for Free

Ivanti Cloud Services Appliance SQL Injection Vulnerability – CVE-2024-9379

Another significant addition to CISA’s catalog is the SQL injection vulnerability in Ivanti’s Cloud Services Appliance (CSA), labeled CVE-2024-9379.

This vulnerability exists in the admin web console of versions before 5.0.2 and allows a remote attacker authenticated as an administrator to execute arbitrary SQL statements.

The exploitation of this vulnerability could lead to unauthorized data access and manipulation.

Given that Ivanti CSA version 4.6.x has reached End-of-Life status, CISA strongly recommends users remove these outdated versions from service or upgrade to the more secure 5.0.x line or later. The due date for remediation is also October 30, 2024.

Ivanti Cloud Services Appliance OS Command Injection Vulnerability – CVE-2024-9380

In addition to the SQL injection flaw, Ivanti CSA is also affected by an OS command injection vulnerability, CVE-2024-9380.

This issue resides in the administrative console and can be exploited by an authenticated attacker with application admin privileges to execute commands on the underlying operating system.

As with the previous Ivanti vulnerability, users are urged to upgrade from the End-of-Life CSA 4.6.x versions to supported solutions like version 5.0.x or later.

The urgency of addressing this vulnerability cannot be overstated. A remediation deadline has also been set for October 30, 2024.

Adding these vulnerabilities to CISA’s catalog underscores organizations’ ongoing challenges in securing their digital environments against evolving cyber threats.

While it remains unclear whether these vulnerabilities are currently being leveraged in ransomware attacks, their presence in actively exploited lists highlights their potential danger.

Upgrade Your Cybersecurity Skills With 100+ Premium Cyber Security Courses Online - Enroll Here

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...