The recent update from the Cybersecurity and Infrastructure Security Agency (CISA) highlights critical vulnerabilities in products from Fortinet and Ivanti that are actively being exploited, raising concerns for organizations worldwide. These vulnerabilities pose significant risks, and immediate action is needed to address them effectively.
Fortinet’s suite of products, which includes FortiOS, FortiPAM, FortiProxy, and FortiWeb, has been found to contain a format string vulnerability tracked as CVE-2024-23113. This vulnerability allows remote, unauthenticated attackers to execute arbitrary code or commands through specially crafted requests. While there is no confirmed evidence of this vulnerability being used in ransomware campaigns, the potential for exploitation remains high due to its critical nature. CISA advises organizations using these Fortinet products to apply mitigations per vendor instructions, or to discontinue use if no mitigations are available. The deadline for addressing this vulnerability is October 30, 2024.
In addition to the Fortinet vulnerability, CISA has added two vulnerabilities affecting Ivanti’s Cloud Services Appliance (CSA) to its catalog. The SQL injection vulnerability tracked as CVE-2024-9379 exists in the admin web console of versions before 5.0.2 and allows a remote attacker authenticated as an administrator to execute arbitrary SQL statements. Exploitation of this vulnerability could result in unauthorized data access and manipulation. Given that Ivanti CSA version 4.6.x has reached End-of-Life status, users are strongly recommended to remove these outdated versions from service or upgrade to the 5.0.x line or later by October 30, 2024.
Furthermore, Ivanti CSA is also affected by an OS command injection vulnerability, CVE-2024-9380, in the administrative console. This vulnerability enables an authenticated attacker with application admin privileges to execute commands on the underlying operating system. Users are urged to upgrade from the End-of-Life CSA 4.6.x versions to supported solutions like version 5.0.x or later to mitigate the risk. The remediation deadline for this vulnerability is also October 30, 2024.
The addition of these vulnerabilities to CISA’s Known Exploited Vulnerabilities Catalog emphasizes the ongoing challenges organizations face in securing their digital environments against evolving cyber threats. While the current status of these vulnerabilities in ransomware attacks is unclear, their presence in actively exploited lists underscores the potential danger they pose to organizations.
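The practical question for a defender reading a KEV update is which assets in the inventory are actually affected and how long remains before each due date. The script below is an added example, not code from the article or from CISA: it matches a constructed asset inventory against KEV-style records for the three CVEs named above, using only the version facts the article gives (CSA 4.6.x is End-of-Life, CVE-2024-9379 is fixed in CSA 5.0.2, and no fixed Fortinet versions are stated, so Fortinet assets are flagged for vendor-advisory review). The KEV field names (`cveID`, `vendorProject`, `dueDate`, `knownRansomwareCampaignUse`) follow the public KEV JSON feed as I know it and are an assumption; the inventory versions are invented.

```python
"""Triage an asset inventory against CISA KEV entries.

Added example, not from the article or from CISA. KEV field names follow the
public KEV JSON feed as I know it (assumption); the records below are
constructed from facts stated in the article, and the inventory is invented.
"""
from dataclasses import dataclass
from datetime import date

# Fortinet products the article names as affected by CVE-2024-23113.
FORTINET_PRODUCTS = {"FortiOS", "FortiPAM", "FortiProxy", "FortiWeb"}

# Constructed KEV-style records, limited to the fields triage needs.
KEV_ENTRIES = [
    {"cveID": "CVE-2024-23113", "vendorProject": "Fortinet", "product": "Multiple Products",
     "dueDate": "2024-10-30", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2024-9379", "vendorProject": "Ivanti", "product": "Cloud Services Appliance (CSA)",
     "dueDate": "2024-10-30", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2024-9380", "vendorProject": "Ivanti", "product": "Cloud Services Appliance (CSA)",
     "dueDate": "2024-10-30", "knownRansomwareCampaignUse": "Unknown"},
]


@dataclass(frozen=True)
class Asset:
    name: str
    vendor: str
    product: str
    version: str


def parse_version(text: str) -> tuple:
    """'5.0.2' -> (5, 0, 2); non-numeric parts become 0 so comparisons stay total."""
    parts = []
    for piece in text.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def applies(asset: Asset, entry: dict):
    """Return (applicable, action) for one asset/KEV pair using only what the article states."""
    if asset.vendor.lower() != entry["vendorProject"].lower():
        return False, ""
    cve = entry["cveID"]
    if cve == "CVE-2024-23113":
        if asset.product in FORTINET_PRODUCTS:
            # The article gives no fixed versions, so every listed product is flagged for review.
            return True, "apply vendor mitigations or discontinue use (check vendor advisory)"
        return False, ""
    if asset.product.startswith("Cloud Services Appliance"):
        version = parse_version(asset.version)
        if version < (5, 0):
            return True, "CSA 4.6.x is End-of-Life: remove from service or upgrade to 5.0.x or later"
        if cve == "CVE-2024-9379" and version < (5, 0, 2):
            return True, "SQL injection fixed in CSA 5.0.2: upgrade"
    return False, ""


def triage(assets, entries, today_iso: str):
    """Cross-match inventory against KEV records; findings are sorted by urgency."""
    today = date.fromisoformat(today_iso)
    findings = []
    for asset in assets:
        for entry in entries:
            applicable, action = applies(asset, entry)
            if not applicable:
                continue
            days_left = (date.fromisoformat(entry["dueDate"]) - today).days
            findings.append({
                "asset": asset.name, "cve": entry["cveID"], "due": entry["dueDate"],
                "days_left": days_left, "overdue": days_left < 0,
                "ransomware_use": entry["knownRansomwareCampaignUse"], "action": action,
            })
    findings.sort(key=lambda f: (f["days_left"], f["asset"]))
    return findings


# Constructed inventory; versions are illustrative and not taken from the article.
INVENTORY = [
    Asset("csa-01", "Ivanti", "Cloud Services Appliance (CSA)", "4.6.0"),
    Asset("csa-02", "Ivanti", "Cloud Services Appliance (CSA)", "5.0.1"),
    Asset("csa-03", "Ivanti", "Cloud Services Appliance (CSA)", "5.0.2"),
    Asset("fw-01", "Fortinet", "FortiOS", "unknown"),
    Asset("log-01", "Fortinet", "FortiAnalyzer", "unknown"),
]

if __name__ == "__main__":
    for f in triage(INVENTORY, KEV_ENTRIES, "2024-10-15"):
        flag = "OVERDUE" if f["overdue"] else f"{f['days_left']}d left"
        print(f"{f['asset']:8} {f['cve']:15} {flag:10} {f['action']}")
```

Run as-is, the script reports four findings for the constructed inventory: both Ivanti CVEs against the End-of-Life 4.6.0 appliance, only CVE-2024-9379 against the 5.0.1 appliance, nothing against 5.0.2, and a vendor-advisory review for the FortiOS device. Swapping the date string for one after October 30, 2024 turns every finding into an overdue item, which is the state an auditor would expect to see tracked.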
To address these cybersecurity threats effectively, organizations are encouraged to continuously assess and update their security measures to protect against potential exploits. Cybersecurity skills training through premium courses online can also help professionals stay informed about the latest trends and techniques in combating cyber threats. Investing in cybersecurity education and proactive security measures is crucial in safeguarding digital assets and maintaining the integrity of organizational networks in an increasingly complex threat landscape.