Thursday, December 5, 2024
HomeCVE/vulnerabilityCISA Warns Of Active Exploitation Of Flaws In Fortinet, Ivanti, & Nice...

CISA Warns Of Active Exploitation Of Flaws In Fortinet, Ivanti, & Nice Linear

Published on

SIEM as a Service

A recent security alert warns of three critical vulnerabilities actively exploited in the wild, of which the first is CVE-2023-48788, an SQL injection vulnerability in Fortinet FortiClient EMS.

Attackers can use SQL injection vulnerabilities to insert malicious SQL code into a program that depends on a database. 

It can give attackers unauthorized access to sensitive information, modify data, or disrupt operations.

- Advertisement - SIEM as a Service

The second vulnerability (CVE-2021-44529) is a code injection vulnerability present in the Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA).

Document

Free Webinar : Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.:

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

AcuRisQ, that helps you to quantify risk accurately:

Code injection vulnerabilities allow attackers to inject malicious code into a legitimate program or application.

In the case of CVE-2021-44529, it enables attackers to take control of the EPM CSA server, steal data, or install malware. 

The third vulnerability (CVE-2019-7256) is an OS command injection vulnerability found in Nice Linear eMerge E3-Series devices, which allows attackers to execute arbitrary commands on the operating system of the affected device. 

It can grant attackers complete control over the device, allowing them to steal data, install malware, or disrupt critical systems, as all three of these vulnerabilities are classified as critical due to the potential severity of an exploit.

As per CISA , a recent security alert highlights three critical vulnerabilities actively exploited by malicious actors, posing a significant risk to federal systems and affecting the following software and devices, which many people use: Nice Linear eMerge E3-Series devices (CVE-2019-7256), which may be used for IP telephony or videoconferencing, Fortinet FortiClient EMS (CVE-2023-48788); and Ivanti Endpoint Manager Cloud Service Appliance (EEM CSA, CVE-2021-44529). 

Example of SQL Injection

The vulnerabilities themselves cover different injection techniques but achieve similar results: attackers can inject malicious code to gain unauthorized access, steal data, install malware, or disrupt system operations. 

The vulnerabilities align with the established Binding Operational Directive (BOD) 22-01, which identified known exploited vulnerabilities as a major threat to federal systems. 

The BOD mandates Federal Civilian Executive Branch (FCEB) agencies to address such vulnerabilities by designated due dates to safeguard their networks from active exploitation.

A security alert underscores the critical importance of promptly addressing vulnerabilities listed in a central catalog, known as vulnerability management, which is essential for maintaining a strong cybersecurity posture. 

It involves proactively identifying, classifying, prioritizing, and remediating security weaknesses in systems and applications, while a specific directive (BOD 22-01) mandates vulnerability management for certain agencies, but all organizations are urged to follow suit. 

Attackers are actively utilizing critical vulnerabilities in the central catalog and taking various forms, including SQL injection, code injection, and OS command injection vulnerabilities. 

In a successful SQL injection attack, for instance, attackers can inject malicious SQL code into a program to steal data or disrupt operations, while code injection vulnerabilities allow attackers to inject malicious code into a target system to achieve similar ends. 

OS command injection vulnerabilities grant attackers the ability to execute arbitrary commands on the operating system, potentially giving them full control over the affected device.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

Eswar
Eswar
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

One Identity Named Winner of the Coveted Top InfoSec Innovator Awards for 2024

One Identity named Hot Company: Privileged Access Management (PAM) in 12th Cyber Defense Magazine’s...

HCL DevOps Deploy / Launch Vulnerability Let Embed arbitrary HTML tags

Recently identified by security researchers, a new vulnerability in HCL DevOps Deploy and HCL...

CISA Warns of Zyxel Firewalls, CyberPanel, North Grid, & ProjectSend Flaws Exploited in Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about several vulnerabilities being...

HackSynth : Autonomous Pentesting Framework For Simulating Cyberattacks

HackSynth is an autonomous penetration testing agent that leverages Large Language Models (LLMs) to...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

One Identity Named Winner of the Coveted Top InfoSec Innovator Awards for 2024

One Identity named Hot Company: Privileged Access Management (PAM) in 12th Cyber Defense Magazine’s...

HCL DevOps Deploy / Launch Vulnerability Let Embed arbitrary HTML tags

Recently identified by security researchers, a new vulnerability in HCL DevOps Deploy and HCL...

CISA Warns of Zyxel Firewalls, CyberPanel, North Grid, & ProjectSend Flaws Exploited in Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about several vulnerabilities being...