Cyber Security News

CISA Warns of Fortinet & Ivanti Vulnerabilities Exploited in Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities Catalog, adding critical vulnerabilities from Fortinet and Ivanti.

These vulnerabilities are actively exploited in the wild, posing significant risks to organizations worldwide. CISA urges immediate action to mitigate potential threats.

Fortinet Multiple Products Format String Vulnerability – CVE-2024-23113

Fortinet’s suite of products, including FortiOS, FortiPAM, FortiProxy, and FortiWeb, has been found to contain a format string vulnerability identified as CVE-2024-23113.

This flaw allows remote, unauthenticated attackers to execute arbitrary code or commands by sending specially crafted requests.

Although there is no confirmed evidence that this vulnerability is being used in ransomware campaigns, the potential for exploitation remains high due to the flaw’s critical nature.

CISA advises organizations using these Fortinet products to apply mitigations as per vendor instructions or discontinue use if no mitigations are available. The deadline for addressing this vulnerability is set for October 30, 2024.

Analyse Any Suspicious Links Using ANY.RUN’s New Safe Browsing Tool: Try for Free

Ivanti Cloud Services Appliance SQL Injection Vulnerability – CVE-2024-9379

Another significant addition to CISA’s catalog is the SQL injection vulnerability in Ivanti’s Cloud Services Appliance (CSA), labeled CVE-2024-9379.

This vulnerability exists in the admin web console of versions before 5.0.2 and allows a remote attacker authenticated as an administrator to execute arbitrary SQL statements.

The exploitation of this vulnerability could lead to unauthorized data access and manipulation.

Given that Ivanti CSA version 4.6.x has reached End-of-Life status, CISA strongly recommends users remove these outdated versions from service or upgrade to the more secure 5.0.x line or later. The due date for remediation is also October 30, 2024.

Ivanti Cloud Services Appliance OS Command Injection Vulnerability – CVE-2024-9380

In addition to the SQL injection flaw, Ivanti CSA is also affected by an OS command injection vulnerability, CVE-2024-9380.

This issue resides in the administrative console and can be exploited by an authenticated attacker with application admin privileges to execute commands on the underlying operating system.

As with the previous Ivanti vulnerability, users are urged to upgrade from the End-of-Life CSA 4.6.x versions to supported solutions like version 5.0.x or later.

The urgency of addressing this vulnerability cannot be overstated. A remediation deadline has also been set for October 30, 2024.

Adding these vulnerabilities to CISA’s catalog underscores organizations’ ongoing challenges in securing their digital environments against evolving cyber threats.

While it remains unclear whether these vulnerabilities are currently being leveraged in ransomware attacks, their presence in actively exploited lists highlights their potential danger.

Upgrade Your Cybersecurity Skills With 100+ Premium Cyber Security Courses Online - Enroll Here

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Hackers Use URL Shorteners and QR Codes in Tax-Themed Phishing Attacks

As the United States approaches Tax Day on April 15, cybersecurity experts have uncovered a…

2 seconds ago

Beware of Clickfix: ‘Fix Now’ and ‘Bot Verification’ Lures Deliver and Execute Malware

A sophisticated browser-based malware delivery method, dubbed ClickFix, has emerged as a significant threat to…

3 minutes ago

DeepSeek-R1 Prompts Abused to Generate Advanced Malware and Phishing Sites

The release of DeepSeek-R1, a 671-billion-parameter large language model (LLM), has sparked significant interest due…

7 minutes ago

Malicious PyPI Package Targets E-commerce Sites with Automated Carding Script

Cybersecurity researchers from Socket have exposed a malicious Python package on PyPI, named disgrasya, designed…

11 minutes ago

New Credit Card Skimming Campaign Uses Browser Extensions to Steal Financial Data

A newly discovered credit card skimming campaign, dubbed "RolandSkimmer," is exploiting browser extensions to exfiltrate…

15 minutes ago

Chinese Hackers Exploit Ivanti VPN Vulnerability to Deliver Malware Payloads

Ivanti disclosed a critical security vulnerability, CVE-2025-22457, affecting its Connect Secure (ICS) VPN appliances, particularly…

20 minutes ago