Ethical Hacking News

Critical Fortinet Vulnerability Sparks Urgent Patch as Cybersecurity and Infrastructure Security Agency (CISA) Warns of Active Exploitation



Critical Fortinet vulnerability sparks an urgent patch, with CISA warning of active exploitation. Agencies must apply vendor-provided fixes by October 30, 2024. Several other companies, including Palo Alto Networks and Cisco, have also issued patches to remediate security flaws in their respective products.

  • A critical alert has been issued by CISA regarding a newly discovered vulnerability in Fortinet products, which could allow arbitrary code execution.
  • The affected products include FortiOS, FortiPAM, FortiProxy, and FortiWeb, with the vulnerability tracked as CVE-2024-23113 (CVSS score: 9.8).
  • Palo Alto Networks has also disclosed security flaws in Expedition, including operating system command injection and SQL injection vulnerabilities.
  • CVSS scores for these vulnerabilities range from 7.0 to 9.9, with some allowing unauthenticated attackers to execute arbitrary code or commands.
  • The Federal Civilian Executive Branch (FCEB) agencies are mandated to apply vendor-provided mitigations by October 30, 2024, for optimum protection.
  • Cisco has released patches for a critical command execution flaw in Nexus Dashboard Fabric Controller (NDFC), tracked as CVE-2024-20432 (CVSS score: 9.9).



    The United States Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert about a newly discovered vulnerability in Fortinet products that could allow an attacker to execute arbitrary code or commands via specially crafted requests. The vulnerability, tracked as CVE-2024-23113 with a CVSS score of 9.8, was added to the Known Exploited Vulnerabilities (KEV) catalog by CISA due to evidence of active exploitation.

    The affected Fortinet products include FortiOS, FortiPAM, FortiProxy, and FortiWeb. A use of externally-controlled format string vulnerability [CWE-134] in FortiOS fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests, according to an advisory from Fortinet back in February 2024.
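    As an added illustration of what CWE-134 ("use of an externally-controlled format string") means at the source level, the C below shows the defect pattern beside its hardened form and a small review helper. This is example code written for this article; it is not Fortinet code and is not derived from the fgfmd advisory. The function names, the static output buffer and the constructed sample input are assumptions made for the example.

```c
// Added example (not Fortinet code): CWE-134 at the source level.
// The vulnerable function hands untrusted text to snprintf as the *format*
// argument, so any '%' directive in the input is interpreted by the C
// library. The hardened function uses a literal format and renders the same
// input as plain data. A review helper counts directives in untrusted data,
// which is the signal a code reviewer or static checker looks for.

#include <stdio.h>
#include <string.h>

#define BUF_LEN 256

// Shared output buffer for the two render functions (assumption for the example).
static char g_out[BUF_LEN];

// VULNERABLE (CWE-134): `field` becomes the format string. With benign input it
// behaves as expected; with input containing '%' directives the call reads
// arguments that were never passed (undefined behaviour). Kept here only for
// contrast; never call it with untrusted input.
const char *render_vulnerable(const char *field) {
    snprintf(g_out, sizeof g_out, field);   // gcc: -Wformat-security warns here
    return g_out;
}

// HARDENED: the format is a literal and the field is consumed by "%s",
// so a '%' in the input is copied through unchanged.
const char *render_safe(const char *field) {
    snprintf(g_out, sizeof g_out, "[request] %s", field);
    return g_out;
}

// Review/detection helper: number of format directives in untrusted data.
// Non-zero means the data would change meaning if it ever reached a format
// parameter. "%%" is a literal percent sign and is not counted.
int count_format_directives(const char *s) {
    int n = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }   // escaped percent, skip both
        n++;
    }
    return n;
}

int main(void) {
    // Constructed sample field, not a real request.
    const char *sample = "GET /?q=%x%x%n";
    printf("directives in untrusted field: %d\n", count_format_directives(sample));
    printf("safe render: %s\n", render_safe(sample));
    return 0;
}
```

    The compiler already flags the vulnerable form when built with -Wformat-security (or -Wformat-nonliteral), which is the cheapest check to add to a build pipeline for C code that logs request data.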

    As a result of the active exploitation, federal civilian executive branch (FCEB) agencies are mandated to apply vendor-provided mitigations by October 30, 2024, for optimum protection. Limiting access to authorized users, hosts, or networks and shutting down the software when not in active use are recommended steps.

    Palo Alto Networks has also disclosed multiple security flaws in Expedition that could allow an attacker to read database contents and arbitrary files, in addition to writing arbitrary files to temporary storage locations on the system. The vulnerabilities, which affect all versions of Expedition prior to 1.2.96, include:

    - CVE-2024-9463 (CVSS score: 9.9) - An operating system command injection vulnerability that allows an unauthenticated attacker to run arbitrary OS commands as root
    - CVE-2024-9464 (CVSS score: 9.3) - An OS command injection vulnerability that allows an authenticated attacker to run arbitrary OS commands as root
    - CVE-2024-9465 (CVSS score: 9.2) - An SQL injection vulnerability that allows an unauthenticated attacker to reveal Expedition database contents
    - CVE-2024-9466 (CVSS score: 8.2) - A cleartext storage of sensitive information vulnerability that allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials
    - CVE-2024-9467 (CVSS score: 7.0) - A reflected cross-site scripting (XSS) vulnerability that enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft

    Zach Hanley of Horizon3.ai is credited with discovering and reporting CVE-2024-9464, CVE-2024-9465, and CVE-2024-9466, while Enrique Castillo of Palo Alto Networks is credited for CVE-2024-9463, CVE-2024-9464, CVE-2024-9465, and CVE-2024-9467.

    Although there is no evidence that the Expedition issues have ever been exploited in the wild, the recommendation still stands to limit access to authorized users, hosts, or networks and to shut down the software when not in active use. There are approximately 23 Expedition servers exposed to the internet, most of which are located in the U.S., Belgium, Germany, the Netherlands, and Australia.

    Cisco has also released patches to remediate a critical command execution flaw in Nexus Dashboard Fabric Controller (NDFC) that it said stems from an improper user authorization and insufficient validation of command arguments. The vulnerability, tracked as CVE-2024-20432 with a CVSS score of 9.9, could permit an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device.
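    The two causes named for the NDFC flaw, a missing authorization check and command arguments that are not validated, are a generic pattern, and the C below shows both the defective shape and the hardened one. This is example code added for this article, not Cisco code and not derived from the NDFC advisory; the role model, the `ping` wrapper and all function names are assumptions made for the example.

```c
// Added example (not Cisco code): the two defect classes named for
// CVE-2024-20432 shown generically. The vulnerable helper never checks who
// is calling and splices the argument into a shell command line. The
// hardened path authorizes first, validates the argument against an
// allowlist, and builds an argv vector so no shell parses the input.

#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define MAX_ARGS 8

// Assumed role model for the example.
enum role { ROLE_READONLY = 0, ROLE_ADMIN = 1 };

// VULNERABLE pattern: no authorization, and `target` is concatenated into a
// command line destined for a shell. Shell metacharacters in `target` become
// part of the command. Shown for contrast; never execute with untrusted input.
int build_ping_cmd_vulnerable(char *out, size_t out_len, const char *target) {
    return snprintf(out, out_len, "ping -c 1 %s", target);
}

// Argument validation: accept only characters a hostname or IPv4 literal can
// contain. Spaces, ';', '|', '$', '`' and quotes are all rejected, and a
// leading '-' is rejected so the value cannot be parsed as an option.
int is_valid_host_arg(const char *s) {
    size_t len = strlen(s);
    if (len == 0 || len > 253) return 0;
    if (s[0] == '-') return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!(isalnum(c) || c == '.' || c == '-')) return 0;
    }
    return 1;
}

// argv vector built by the hardened path (static for the example).
static const char *g_argv[MAX_ARGS];

// HARDENED: authorize, validate, then build an argv for execvp-style
// execution. Returns the number of argv entries, or 0 if the request is
// rejected for either reason.
int build_ping_argv(enum role caller, const char *target) {
    if (caller != ROLE_ADMIN) return 0;        // authorization check first
    if (!is_valid_host_arg(target)) return 0;  // then argument validation
    g_argv[0] = "ping";
    g_argv[1] = "-c";
    g_argv[2] = "1";
    g_argv[3] = target;
    g_argv[4] = NULL;
    return 4;
}

int main(void) {
    // Constructed inputs, not from any real device.
    const char *inputs[] = { "host.example", "host.example; id", "-c" };
    for (size_t i = 0; i < 3; i++) {
        int n = build_ping_argv(ROLE_ADMIN, inputs[i]);
        printf("\"%s\": %s\n", inputs[i], n ? "accepted" : "rejected");
    }
    printf("read-only caller: %d entries\n", build_ping_argv(ROLE_READONLY, "host.example"));
    return 0;
}
```

    Doing the authorization check before validation matters for detection as well: a rejected call from a low-privileged session is the event worth logging, whereas a malformed argument from an administrator is usually just a typo.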

    Tracked by CISA, this vulnerability has been addressed in NDFC version 12.2.2. It is worth noting that versions 11.5 and earlier are not susceptible.

    The Federal Civilian Executive Branch (FCEB) agencies are mandated to apply the vendor-provided mitigations for optimum protection.



    Related Information:

  • https://thehackernews.com/2024/10/cisa-warns-of-critical-fortinet-flaw-as.html

  • https://nvd.nist.gov/vuln/detail/CVE-2024-23113

  • https://www.cvedetails.com/cve/CVE-2024-23113/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-9463

  • https://www.cvedetails.com/cve/CVE-2024-9463/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-9464

  • https://www.cvedetails.com/cve/CVE-2024-9464/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-9465

  • https://www.cvedetails.com/cve/CVE-2024-9465/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-9466

  • https://www.cvedetails.com/cve/CVE-2024-9466/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-9467

  • https://www.cvedetails.com/cve/CVE-2024-9467/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-20432

  • https://www.cvedetails.com/cve/CVE-2024-20432/


  • Published: Thu Oct 10 02:39:52 2024 by llama3.2 3B Q4_K_M
    © Ethical Hacking News. All rights reserved.