Friday, April 12, 2024

CISA Warns Of Active Exploitation Of Flaws In Fortinet, Ivanti, & Nice Linear

A recent security alert warns of three critical vulnerabilities actively exploited in the wild, of which the first is CVE-2023-48788, an SQL injection vulnerability in Fortinet FortiClient EMS.

Attackers can use SQL injection vulnerabilities to insert malicious SQL code into a program that depends on a database. 

It can give attackers unauthorized access to sensitive information, modify data, or disrupt operations.

The second vulnerability (CVE-2021-44529) is a code injection vulnerability present in the Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA).


Free Webinar : Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.:

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

AcuRisQ, that helps you to quantify risk accurately:

Code injection vulnerabilities allow attackers to inject malicious code into a legitimate program or application.

In the case of CVE-2021-44529, it enables attackers to take control of the EPM CSA server, steal data, or install malware. 

The third vulnerability (CVE-2019-7256) is an OS command injection vulnerability found in Nice Linear eMerge E3-Series devices, which allows attackers to execute arbitrary commands on the operating system of the affected device. 

It can grant attackers complete control over the device, allowing them to steal data, install malware, or disrupt critical systems, as all three of these vulnerabilities are classified as critical due to the potential severity of an exploit.

As per CISA , a recent security alert highlights three critical vulnerabilities actively exploited by malicious actors, posing a significant risk to federal systems and affecting the following software and devices, which many people use: Nice Linear eMerge E3-Series devices (CVE-2019-7256), which may be used for IP telephony or videoconferencing, Fortinet FortiClient EMS (CVE-2023-48788); and Ivanti Endpoint Manager Cloud Service Appliance (EEM CSA, CVE-2021-44529). 

Example of SQL Injection

The vulnerabilities themselves cover different injection techniques but achieve similar results: attackers can inject malicious code to gain unauthorized access, steal data, install malware, or disrupt system operations. 

The vulnerabilities align with the established Binding Operational Directive (BOD) 22-01, which identified known exploited vulnerabilities as a major threat to federal systems. 

The BOD mandates Federal Civilian Executive Branch (FCEB) agencies to address such vulnerabilities by designated due dates to safeguard their networks from active exploitation.

A security alert underscores the critical importance of promptly addressing vulnerabilities listed in a central catalog, known as vulnerability management, which is essential for maintaining a strong cybersecurity posture. 

It involves proactively identifying, classifying, prioritizing, and remediating security weaknesses in systems and applications, while a specific directive (BOD 22-01) mandates vulnerability management for certain agencies, but all organizations are urged to follow suit. 

Attackers are actively utilizing critical vulnerabilities in the central catalog and taking various forms, including SQL injection, code injection, and OS command injection vulnerabilities. 

In a successful SQL injection attack, for instance, attackers can inject malicious SQL code into a program to steal data or disrupt operations, while code injection vulnerabilities allow attackers to inject malicious code into a target system to achieve similar ends. 

OS command injection vulnerabilities grant attackers the ability to execute arbitrary commands on the operating system, potentially giving them full control over the affected device.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.


Latest articles

6-year-old Lighttpd Flaw Impacts Intel And Lenovo Servers

The software supply chain is filled with various challenges, such as untracked security vulnerabilities...

Hackers Employ Deepfake Technology To Impersonate as LastPass CEO

A LastPass employee recently became the target of an attempted fraud involving sophisticated audio...

Sisence Data Breach, CISA Urges To Reset Login Credentials

In response to a recent data breach at Sisense, a provider of data analytics...

DuckDuckGo Launches Privacy Pro: 3-in-1 service With VPN

DuckDuckGo has launched Privacy Pro, a new subscription service that promises to enhance user...

Cyber Attack Surge by 28%:Education Sector at High Risk

In Q1 2024, Check Point Research (CPR) witnessed a notable increase in the average...

Midnight Blizzard’s Microsoft Corporate Email Hack Threatens Federal Agencies: CISA Warns

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive concerning a...

Taxi App Vendor Data Leak: 300K Passengers Data Exposed

Around 300,000 taxi passengers' personal information was left exposed on the internet, causing concern...
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Top 3 SME Attack Vectors

Securing the Top 3 SME Attack Vectors

Cybercriminals are laying siege to small-to-medium enterprises (SMEs) across sectors. 73% of SMEs know they were breached in 2023. The real rate could be closer to 100%.

  • Stolen credentials
  • Phishing
  • Exploitation of vulnerabilities

Related Articles