Tuesday, February 11, 2025
HomeCVE/vulnerabilityCISA Warns of Fortinet & Ivanti Vulnerabilities Exploited in Attacks

CISA Warns of Fortinet & Ivanti Vulnerabilities Exploited in Attacks

Published on

SIEM as a Service

Follow Us on Google News

The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities Catalog, adding critical vulnerabilities from Fortinet and Ivanti.

These vulnerabilities are actively exploited in the wild, posing significant risks to organizations worldwide. CISA urges immediate action to mitigate potential threats.

Fortinet Multiple Products Format String Vulnerability – CVE-2024-23113

Fortinet’s suite of products, including FortiOS, FortiPAM, FortiProxy, and FortiWeb, has been found to contain a format string vulnerability identified as CVE-2024-23113.

This flaw allows remote, unauthenticated attackers to execute arbitrary code or commands by sending specially crafted requests.

Although there is no confirmed evidence that this vulnerability is being used in ransomware campaigns, the potential for exploitation remains high due to the flaw’s critical nature.

CISA advises organizations using these Fortinet products to apply mitigations as per vendor instructions or discontinue use if no mitigations are available. The deadline for addressing this vulnerability is set for October 30, 2024.

Analyse Any Suspicious Links Using ANY.RUN’s New Safe Browsing Tool: Try for Free

Ivanti Cloud Services Appliance SQL Injection Vulnerability – CVE-2024-9379

Another significant addition to CISA’s catalog is the SQL injection vulnerability in Ivanti’s Cloud Services Appliance (CSA), labeled CVE-2024-9379.

This vulnerability exists in the admin web console of versions before 5.0.2 and allows a remote attacker authenticated as an administrator to execute arbitrary SQL statements.

The exploitation of this vulnerability could lead to unauthorized data access and manipulation.

Given that Ivanti CSA version 4.6.x has reached End-of-Life status, CISA strongly recommends users remove these outdated versions from service or upgrade to the more secure 5.0.x line or later. The due date for remediation is also October 30, 2024.

Ivanti Cloud Services Appliance OS Command Injection Vulnerability – CVE-2024-9380

In addition to the SQL injection flaw, Ivanti CSA is also affected by an OS command injection vulnerability, CVE-2024-9380.

This issue resides in the administrative console and can be exploited by an authenticated attacker with application admin privileges to execute commands on the underlying operating system.

As with the previous Ivanti vulnerability, users are urged to upgrade from the End-of-Life CSA 4.6.x versions to supported solutions like version 5.0.x or later.

The urgency of addressing this vulnerability cannot be overstated. A remediation deadline has also been set for October 30, 2024.

Adding these vulnerabilities to CISA’s catalog underscores organizations’ ongoing challenges in securing their digital environments against evolving cyber threats.

While it remains unclear whether these vulnerabilities are currently being leveraged in ransomware attacks, their presence in actively exploited lists highlights their potential danger.

Upgrade Your Cybersecurity Skills With 100+ Premium Cyber Security Courses Online - Enroll Here

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Hackers Exploit Valentine’s Day Domains for Sneaky Cyber Attacks

Cybercriminals are capitalizing on the season of love to launch sneaky and deceptive cyberattacks.According...

EARLYCROW: Detecting APT Malware Command and Control Activities Over HTTPS

Advanced Persistent Threats (APTs) represent a sophisticated and stealthy category of cyberattacks targeting critical...

Enhanced IllusionCAPTCHA: Advanced Protection Against AI-Powered CAPTCHA Attacks

As AI technologies continue to evolve, traditional CAPTCHA systems face increasing vulnerabilities.Recent studies...

Akira Ransomware Dominates January 2025 as the Most Active Ransomware Threat

January 2025 marked a pivotal month in the ransomware landscape, with Akira emerging as...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Hackers Exploit Valentine’s Day Domains for Sneaky Cyber Attacks

Cybercriminals are capitalizing on the season of love to launch sneaky and deceptive cyberattacks.According...

EARLYCROW: Detecting APT Malware Command and Control Activities Over HTTPS

Advanced Persistent Threats (APTs) represent a sophisticated and stealthy category of cyberattacks targeting critical...

Enhanced IllusionCAPTCHA: Advanced Protection Against AI-Powered CAPTCHA Attacks

As AI technologies continue to evolve, traditional CAPTCHA systems face increasing vulnerabilities.Recent studies...