CISA Warns of Fortinet & Ivanti Vulnerabilities Exploited in Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities Catalog, adding critical vulnerabilities from Fortinet and Ivanti.

These vulnerabilities are actively exploited in the wild, posing significant risks to organizations worldwide. CISA urges immediate action to mitigate potential threats.

Fortinet Multiple Products Format String Vulnerability – CVE-2024-23113

Fortinet’s suite of products, including FortiOS, FortiPAM, FortiProxy, and FortiWeb, has been found to contain a format string vulnerability identified as CVE-2024-23113.

This flaw allows remote, unauthenticated attackers to execute arbitrary code or commands by sending specially crafted requests.

Although there is no confirmed evidence that this vulnerability is being used in ransomware campaigns, the potential for exploitation remains high due to the flaw’s critical nature.

CISA advises organizations using these Fortinet products to apply mitigations as per vendor instructions or discontinue use if no mitigations are available. The deadline for addressing this vulnerability is set for October 30, 2024.

Analyse Any Suspicious Links Using ANY.RUN’s New Safe Browsing Tool: Try for Free

Ivanti Cloud Services Appliance SQL Injection Vulnerability – CVE-2024-9379

Another significant addition to CISA’s catalog is the SQL injection vulnerability in Ivanti’s Cloud Services Appliance (CSA), labeled CVE-2024-9379.

This vulnerability exists in the admin web console of versions before 5.0.2 and allows a remote attacker authenticated as an administrator to execute arbitrary SQL statements.

The exploitation of this vulnerability could lead to unauthorized data access and manipulation.

Given that Ivanti CSA version 4.6.x has reached End-of-Life status, CISA strongly recommends users remove these outdated versions from service or upgrade to the more secure 5.0.x line or later. The due date for remediation is also October 30, 2024.

Ivanti Cloud Services Appliance OS Command Injection Vulnerability – CVE-2024-9380

In addition to the SQL injection flaw, Ivanti CSA is also affected by an OS command injection vulnerability, CVE-2024-9380.

This issue resides in the administrative console and can be exploited by an authenticated attacker with application admin privileges to execute commands on the underlying operating system.

As with the previous Ivanti vulnerability, users are urged to upgrade from the End-of-Life CSA 4.6.x versions to supported solutions like version 5.0.x or later.

The urgency of addressing this vulnerability cannot be overstated. A remediation deadline has also been set for October 30, 2024.

Adding these vulnerabilities to CISA’s catalog underscores organizations’ ongoing challenges in securing their digital environments against evolving cyber threats.

While it remains unclear whether these vulnerabilities are currently being leveraged in ransomware attacks, their presence in actively exploited lists highlights their potential danger.

Upgrade Your Cybersecurity Skills With 100+ Premium Cyber Security Courses Online - Enroll Here