Ethical Hacking News

New vulnerabilities added to CISA's KEV catalog: Fortinet products and Ivanti CSA bugs pose significant threat



The US Cybersecurity and Infrastructure Security Agency (CISA) has added several new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including Fortinet products and Ivanti CSA bugs. These additions pose a significant threat to federal agencies, private organizations, and individuals, highlighting the need for enhanced security measures.

  • Fortinet products and Ivanti CSA bugs have been added to the Known Exploited Vulnerabilities (KEV) catalog.
  • CVE-2024-23113 vulnerability allows execution of unauthorized code via specially crafted packets in FortiOS products.
  • CVE-2024-9379 and CVE-2024-9380 are, respectively, a SQL injection and an OS command injection in the Ivanti CSA admin web console.
  • Threat actors can chain these vulnerabilities for more severe attacks.
  • Ivanti has warned that some customers have been exploited due to chaining of the mentioned vulnerabilities.



The United States Cybersecurity and Infrastructure Security Agency (CISA) has recently added several new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. These additions serve as a warning to federal agencies, private organizations, and individuals about the risks posed by these newly identified security flaws.

At the forefront of this latest update is the inclusion of Fortinet products and Ivanti CSA bugs. CVE-2024-23113, which has a CVSS score of 9.8, affects multiple Fortinet FortiOS products. This format string vulnerability allows attackers to execute unauthorized code or commands via specially crafted packets. CVE-2024-9379, with a CVSS score of 6.5, is a SQL injection in the admin web console of Ivanti CSA before version 5.0.2; a remote authenticated attacker with admin privileges can exploit this flaw to run arbitrary SQL statements.

Another significant addition to the KEV catalog is CVE-2024-9380, which has a CVSS score of 7.2. This vulnerability is an OS command injection in the admin web console of Ivanti CSA before version 5.0.2; a remote authenticated attacker with admin privileges can exploit it to achieve remote code execution. Threat actors are chaining these Ivanti CSA vulnerabilities with the CSA zero-day CVE-2024-8963, which has a CVSS score of 9.4. The chain allows attackers to carry out SQL injection attacks, execute arbitrary code via command injection, and bypass security restrictions by abusing a path traversal weakness on vulnerable CSA gateways.

Ivanti has published an advisory stating that a limited number of customers running CSA 4.6 patch 518 and prior have been exploited when CVE-2024-9379, CVE-2024-9380, or CVE-2024-9381 is chained with CVE-2024-8963. Ivanti states that it has no evidence of any other vulnerabilities being exploited in the wild, and that these vulnerabilities do not affect any other Ivanti products or solutions.

Given this update from CISA, experts recommend that private organizations review the KEV catalog and address the identified vulnerabilities in their infrastructure. FCEB agencies are required to fix these vulnerabilities by October 30, 2024, as per Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities.

As a result of this addition to the KEV catalog, security teams and organizations must be vigilant in addressing the threats posed by these newly identified vulnerabilities. Federal agencies, private organizations, and individuals should prioritize their cybersecurity measures to prevent exploitation of these flaws.
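The review step recommended above (cross-checking your own findings against the KEV catalog and the BOD 22-01 due dates) can be automated. The script below is an added example written for this page; it is not code from CISA, Fortinet, Ivanti or the article's author. It assumes the field names of CISA's public JSON feed (cveID, vendorProject, product, dueDate, etc., as published at https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json) and works on a constructed excerpt of that feed plus a constructed list of scanner findings. The CVE IDs, the chaining relationship and the October 30, 2024 due date come from the article; the dateAdded values, the due date for CVE-2024-8963, the hostnames and the findings themselves are sample data.

```python
"""Triage scanner findings against a CISA KEV catalog snapshot.

Added example (not from the article, CISA or the vendors). The KEV excerpt is a
constructed sample that mirrors the real feed's field names; scanner findings
and hostnames are constructed too.
"""
from __future__ import annotations

import json
from datetime import date

# Constructed excerpt in the shape of CISA's known_exploited_vulnerabilities.json.
# dateAdded and the CVE-2024-8963 dueDate are sample values, not taken from the feed.
KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed excerpt)",
    "vulnerabilities": [
        {"cveID": "CVE-2024-23113", "vendorProject": "Fortinet", "product": "Multiple Products",
         "vulnerabilityName": "Fortinet Multiple Products Format String Vulnerability",
         "dateAdded": "2024-10-09", "dueDate": "2024-10-30"},
        {"cveID": "CVE-2024-9379", "vendorProject": "Ivanti", "product": "Cloud Services Appliance",
         "vulnerabilityName": "Ivanti CSA SQL Injection Vulnerability",
         "dateAdded": "2024-10-09", "dueDate": "2024-10-30"},
        {"cveID": "CVE-2024-9380", "vendorProject": "Ivanti", "product": "Cloud Services Appliance",
         "vulnerabilityName": "Ivanti CSA OS Command Injection Vulnerability",
         "dateAdded": "2024-10-09", "dueDate": "2024-10-30"},
        {"cveID": "CVE-2024-8963", "vendorProject": "Ivanti", "product": "Cloud Services Appliance",
         "vulnerabilityName": "Ivanti CSA Path Traversal Vulnerability",
         "dateAdded": "2024-09-19", "dueDate": "2024-10-10"},
    ],
})

# Chaining relationship described in the article: the CSA path traversal is the
# entry point that the authenticated admin-console bugs are chained with.
CHAIN_PRECURSOR = "CVE-2024-8963"
CHAIN_TARGETS = {"CVE-2024-9379", "CVE-2024-9380", "CVE-2024-9381"}

# Constructed scanner output: (hostname, CVE reported on that host).
SCANNER_FINDINGS = [
    ("fw-edge-01", "CVE-2024-23113"),
    ("csa-gw-01", "CVE-2024-9379"),
    ("csa-gw-01", "CVE-2024-8963"),
    ("csa-gw-02", "CVE-2024-9380"),
    ("csa-gw-02", "CVE-2024-9381"),
]


def load_kev(feed_text: str) -> dict[str, dict]:
    """Index a KEV JSON document by cveID."""
    feed = json.loads(feed_text)
    return {entry["cveID"]: entry for entry in feed["vulnerabilities"]}


def triage(findings: list[tuple[str, str]], kev: dict[str, dict], today: date) -> dict:
    """Split findings into KEV-listed (with due-date and chain status) and the rest.

    KEV hits are sorted earliest due date first, so overdue items lead the list.
    A finding is flagged chain_risk when the same host carries both the
    precursor CVE and one of the CVEs it is chained with.
    """
    cves_by_host: dict[str, set[str]] = {}
    for host, cve in findings:
        cves_by_host.setdefault(host, set()).add(cve)

    kev_hits, not_in_kev = [], []
    for host, cve in findings:
        entry = kev.get(cve)
        if entry is None:
            not_in_kev.append({"host": host, "cve": cve})
            continue
        host_cves = cves_by_host[host]
        chain_risk = (cve == CHAIN_PRECURSOR and bool(host_cves & CHAIN_TARGETS)) or (
            cve in CHAIN_TARGETS and CHAIN_PRECURSOR in host_cves)
        days_left = (date.fromisoformat(entry["dueDate"]) - today).days
        kev_hits.append({
            "host": host, "cve": cve,
            "vendor": entry["vendorProject"], "product": entry["product"],
            "due_date": entry["dueDate"], "days_left": days_left,
            "overdue": days_left < 0, "chain_risk": chain_risk,
        })
    kev_hits.sort(key=lambda r: (r["due_date"], r["host"], r["cve"]))
    return {"kev": kev_hits, "not_in_kev": not_in_kev}


if __name__ == "__main__":
    report = triage(SCANNER_FINDINGS, load_kev(KEV_SAMPLE), date(2024, 10, 14))
    for row in report["kev"]:
        status = "OVERDUE" if row["overdue"] else f"{row['days_left']}d left"
        chain = " [chained with precursor on host]" if row["chain_risk"] else ""
        print(f"{row['host']:12} {row['cve']:15} due {row['due_date']} ({status}){chain}")
    for row in report["not_in_kev"]:
        print(f"{row['host']:12} {row['cve']:15} not in KEV snapshot; triage by CVSS/vendor advisory")
```

Run against the live feed by replacing KEV_SAMPLE with the downloaded JSON text; the chain check is deliberately host-scoped, because the article's point is that the admin-console bugs become far more dangerous on a gateway that also still carries CVE-2024-8963.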



    Related Information:

  • https://securityaffairs.com/169804/hacking/u-s-cisa-adds-fortinet-products-and-ivanti-csa-bugs-known-exploited-vulnerabilities-catalog.html

  • https://nvd.nist.gov/vuln/detail/CVE-2024-23113

  • https://www.cvedetails.com/cve/CVE-2024-23113/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-9379

  • https://www.cvedetails.com/cve/CVE-2024-9379/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-9380

  • https://www.cvedetails.com/cve/CVE-2024-9380/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-8963

  • https://www.cvedetails.com/cve/CVE-2024-8963/

  • https://nvd.nist.gov/vuln/detail/CVE-2024-9381

  • https://www.cvedetails.com/cve/CVE-2024-9381/

  • https://www.fortinet.com/resources/cyberglossary/malware

  • https://www.fortinet.com/support/support-services/fortiguard-security-subscriptions/antivirus


  • Published: Mon Oct 14 16:57:59 2024 by llama3.2 3B Q4_K_M
© Ethical Hacking News. All rights reserved.