Cyber Security News

CISA Warns of Fortinet & Ivanti Vulnerabilities Exploited in Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities Catalog, adding critical vulnerabilities from Fortinet and Ivanti.

These vulnerabilities are actively exploited in the wild, posing significant risks to organizations worldwide. CISA urges immediate action to mitigate potential threats.

Fortinet Multiple Products Format String Vulnerability – CVE-2024-23113

Fortinet’s suite of products, including FortiOS, FortiPAM, FortiProxy, and FortiWeb, has been found to contain a format string vulnerability identified as CVE-2024-23113.

This flaw allows remote, unauthenticated attackers to execute arbitrary code or commands by sending specially crafted requests.

Although there is no confirmed evidence that this vulnerability is being used in ransomware campaigns, the potential for exploitation remains high due to the flaw’s critical nature.

CISA advises organizations using these Fortinet products to apply mitigations as per vendor instructions or discontinue use if no mitigations are available. The deadline for addressing this vulnerability is set for October 30, 2024.

Analyse Any Suspicious Links Using ANY.RUN’s New Safe Browsing Tool: Try for Free

Ivanti Cloud Services Appliance SQL Injection Vulnerability – CVE-2024-9379

Another significant addition to CISA’s catalog is the SQL injection vulnerability in Ivanti’s Cloud Services Appliance (CSA), labeled CVE-2024-9379.

This vulnerability exists in the admin web console of versions before 5.0.2 and allows a remote attacker authenticated as an administrator to execute arbitrary SQL statements.

The exploitation of this vulnerability could lead to unauthorized data access and manipulation.

Given that Ivanti CSA version 4.6.x has reached End-of-Life status, CISA strongly recommends users remove these outdated versions from service or upgrade to the more secure 5.0.x line or later. The due date for remediation is also October 30, 2024.

Ivanti Cloud Services Appliance OS Command Injection Vulnerability – CVE-2024-9380

In addition to the SQL injection flaw, Ivanti CSA is also affected by an OS command injection vulnerability, CVE-2024-9380.

This issue resides in the administrative console and can be exploited by an authenticated attacker with application admin privileges to execute commands on the underlying operating system.

As with the previous Ivanti vulnerability, users are urged to upgrade from the End-of-Life CSA 4.6.x versions to supported solutions like version 5.0.x or later.

The urgency of addressing this vulnerability cannot be overstated. A remediation deadline has also been set for October 30, 2024.

Adding these vulnerabilities to CISA’s catalog underscores organizations’ ongoing challenges in securing their digital environments against evolving cyber threats.

While it remains unclear whether these vulnerabilities are currently being leveraged in ransomware attacks, their presence in actively exploited lists highlights their potential danger.

Upgrade Your Cybersecurity Skills With 100+ Premium Cyber Security Courses Online - Enroll Here

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Lumma Stealer Upgraded with PowerShell Tools and Advanced Evasion Techniques

Sophos Managed Detection and Response (MDR) in September 2024, the notorious Lumma Stealer malware has…

10 hours ago

New Noodlophile Malware Spreads Through Fake AI Video Generation Platforms

Cybercriminals have unleashed a new malware campaign using fake AI video generation platforms as a…

10 hours ago

Kimsuky Hacker Group Deploys New Phishing Techniques and Malware Campaigns

The North Korean state-sponsored Advanced Persistent Threat (APT) group Kimsuky, also known as “Black Banshee,”…

10 hours ago

APT37 Hackers Use Weaponized LNK Files and Dropbox for Command-and-Control Operations

The North Korean state-sponsored hacking group APT37, also known as ScarCruft, launched a spear phishing…

10 hours ago

Open Source Linux Firewall IPFire 2.29 – Core Update 194 Released: What’s New!

IPFire, the powerful open-source firewall, has unveiled its latest release, IPFire 2.29 – Core Update…

14 hours ago

Threat Actors Leverage DDoS Attacks as Smokescreens for Data Theft

Distributed Denial of Service (DDoS) attacks, once seen as crude tools for disruption wielded by…

14 hours ago