CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches

Oct 10, 2024 | Ravie Lakshmanan | Vulnerability / Network Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Fortinet products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

The vulnerability, tracked as CVE-2024-23113 (CVSS score: 9.8), relates to cases of remote code execution that affect FortiOS, FortiPAM, FortiProxy, and FortiWeb.

“A use of externally-controlled format string vulnerability [CWE-134] in FortiOS fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests,” Fortinet noted in an advisory for the flaw back in February 2024.

As is typically the case, the bulletin is sparse on details about how the shortcoming is being exploited in the wild, or who is weaponizing it and against whom.

In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are mandated to apply the vendor-provided mitigations by October 30, 2024, for optimum protection.
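The Fortinet advisory quoted above names the bug class as CWE-134, an externally controlled format string. The toy program below is an added illustration of that class and not Fortinet code: it places the same untrusted field into a printf-family call once as the format argument and once as a `%s` argument, and adds a small detection helper for protocol fields that should never carry `%` directives. The function names, the sample field and the detection policy are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Toy illustration of CWE-134 (externally controlled format string); not
 * Fortinet code. 'untrusted' stands in for data a remote peer supplied. */

/* Vulnerable pattern: the untrusted buffer *is* the format string, so every
 * '%' directive in it is interpreted by the printf family. With a benign
 * "%%" the only effect is that the text is rewritten; with directives that
 * expect arguments the behaviour is undefined, which is how such bugs
 * escalate to memory disclosure or corruption. */
static int log_vulnerable(char *out, size_t outlen, const char *untrusted)
{
    /* -Wformat-security flags this call: non-literal format, no arguments. */
    return snprintf(out, outlen, untrusted);
}

/* Hardened pattern: a literal format; the untrusted data is only ever the
 * argument of "%s" and is copied verbatim, never interpreted. */
static int log_hardened(char *out, size_t outlen, const char *untrusted)
{
    return snprintf(out, outlen, "%s", untrusted);
}

/* Detection aid for fields that should never carry directives: counts '%'
 * directives, treating "%%" as a literal percent sign. Useful as an alert
 * signal in a parser or log pipeline; it is not a substitute for the
 * literal-format fix above. */
static int count_format_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {  /* escaped percent, not a directive */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

int main(void)
{
    /* Constructed sample: a field containing an escaped percent sign. */
    const char *field = "progress 100%% done";
    char buf[64];

    log_vulnerable(buf, sizeof buf, field);
    printf("vulnerable: \"%s\"\n", buf);   /* the %% was consumed */
    log_hardened(buf, sizeof buf, field);
    printf("hardened:   \"%s\"\n", buf);   /* copied verbatim */
    printf("directives in \"%%x %%x %%n\": %d\n",
           count_format_directives("%x %x %n"));
    return 0;
}
```

The sample uses only `%%` so the program stays well-defined, yet the output still shows the vulnerable call rewriting the input, which is the whole problem: the data was parsed as instructions. Building with `-Wformat-security` (or `-Wformat=2`) reports the non-literal format call at compile time, which is the cheapest check to add to a C code base.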

Palo Alto Networks Discloses Critical Bugs in Expedition

The development comes as Palo Alto Networks disclosed multiple security flaws in Expedition that could allow an attacker to read database contents and arbitrary files, in addition to writing arbitrary files to temporary storage locations on the system.

“Combined, these include information such as usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls,” Palo Alto Networks said in a Wednesday alert.

The vulnerabilities, which affect all versions of Expedition prior to 1.2.96, are listed below –

  • CVE-2024-9463 (CVSS score: 9.9) – An operating system (OS) command injection vulnerability that allows an unauthenticated attacker to run arbitrary OS commands as root
  • CVE-2024-9464 (CVSS score: 9.3) – An OS command injection vulnerability that allows an authenticated attacker to run arbitrary OS commands as root
  • CVE-2024-9465 (CVSS score: 9.2) – An SQL injection vulnerability that allows an unauthenticated attacker to reveal Expedition database contents
  • CVE-2024-9466 (CVSS score: 8.2) – A cleartext storage of sensitive information vulnerability that allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials
  • CVE-2024-9467 (CVSS score: 7.0) – A reflected cross-site scripting (XSS) vulnerability that enables execution of malicious JavaScript in the context of an authenticated Expedition user's browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft

The company credited Zach Hanley of Horizon3.ai for discovering and reporting CVE-2024-9464, CVE-2024-9465, and CVE-2024-9466, and Enrique Castillo of Palo Alto Networks for CVE-2024-9463, CVE-2024-9464, CVE-2024-9465, and CVE-2024-9467.

There is no evidence that the issues have ever been exploited in the wild, although the company said steps to reproduce the problem are already in the public domain, courtesy of Horizon3.ai.

There are approximately 23 Expedition servers exposed to the internet, most of which are located in the U.S., Belgium, Germany, the Netherlands, and Australia. As mitigations, it is recommended to limit access to authorized users, hosts, or networks, and to shut down the software when not in active use.

Cisco Fixes Nexus Dashboard Fabric Controller Flaw

Last week, Cisco also released patches to remediate a critical command execution flaw in Nexus Dashboard Fabric Controller (NDFC) that it said stems from improper user authorization and insufficient validation of command arguments.

Tracked as CVE-2024-20432 (CVSS score: 9.9), it could allow an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. The flaw has been addressed in NDFC version 12.2.2. It is worth noting that versions 11.5 and earlier are not susceptible.

“An attacker could exploit this vulnerability by submitting crafted commands to an affected REST API endpoint or through the web UI,” it said. “A successful exploit could allow the attacker to execute arbitrary commands on the CLI of a Cisco NDFC-managed device with network-admin privileges.”
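Both the Expedition OS command injection bugs above and Cisco's description of CVE-2024-20432 (improper authorization plus insufficient validation of command arguments) come down to the same two missing controls in a management-plane handler. The program below is an added example of those controls and is not Cisco or Palo Alto Networks code: a hypothetical REST handler that takes an interface name, checks the caller's role against an allowlist, validates the argument against an allowlist of characters, and then passes it as a discrete argv element rather than splicing it into a shell command line. The role names, character policy, length limit and function names are constructed for the example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical management-plane handler, not Cisco or Palo Alto code: a
 * REST endpoint accepts an interface name and runs "show interface <name>"
 * on a managed device. */

/* Allowlist validation: interface names here may contain only letters,
 * digits and "/._-", and are at most 32 bytes (constructed policy).
 * Anything else, including shell metacharacters, whitespace and control
 * bytes, is rejected before it reaches a command. */
static int valid_interface_arg(const char *s)
{
    size_t len = strlen(s);
    if (len == 0 || len > 32)
        return 0;
    for (; *s; s++) {
        unsigned char c = (unsigned char)*s;
        if (!isalnum(c) && strchr("/._-", c) == NULL)
            return 0;
    }
    return 1;
}

/* Injection-prone pattern: concatenating the argument into a shell command
 * line. If this string reached system() or popen(), any metacharacters in
 * 'iface' would be interpreted by the shell. Shown only for contrast; the
 * string is never executed here. */
static int build_shell_command(char *out, size_t n, const char *iface)
{
    return snprintf(out, n, "show interface %s", iface);
}

/* Hardened pattern: validate first, then pass the value as one discrete
 * argv element for execv()/execvp(), so no shell ever parses it.
 * Returns the argc to use, or -1 if the argument was rejected. */
static int build_argv(const char *argv_out[4], const char *iface)
{
    if (!valid_interface_arg(iface))
        return -1;
    argv_out[0] = "show";
    argv_out[1] = "interface";
    argv_out[2] = iface;
    argv_out[3] = NULL;
    return 3;
}

/* Authorization check, standing in for the "improper user authorization"
 * half of Cisco's description: only roles on the allowlist may reach the
 * handler at all. (Constructed role names.) */
static int role_may_run_show(const char *role)
{
    static const char *const allowed[] = { "network-admin", "network-operator" };
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (strcmp(role, allowed[i]) == 0)
            return 1;
    return 0;
}

/* Handler entry point: 0 = accepted (argv_out filled), -1 = caller not
 * authorized, -2 = argument rejected by validation. */
static int handle_show_interface(const char *role, const char *iface,
                                 const char *argv_out[4])
{
    if (!role_may_run_show(role))
        return -1;
    if (build_argv(argv_out, iface) < 0)
        return -2;
    return 0;
}

int main(void)
{
    const char *av[4];
    char cmd[128];
    /* Constructed inputs: a well-formed name and one carrying metacharacters. */
    const char *good = "Ethernet1/1";
    const char *bad  = "Ethernet1/1; echo injected";

    build_shell_command(cmd, sizeof cmd, bad);
    printf("concatenated (unsafe): %s\n", cmd);
    printf("good  -> %d\n", handle_show_interface("network-admin", good, av));
    printf("bad   -> %d\n", handle_show_interface("network-admin", bad, av));
    printf("guest -> %d\n", handle_show_interface("guest", good, av));
    return 0;
}
```

Ordering matters: the authorization check runs before any parsing of the argument, so an unprivileged caller never gets to exercise the validator, and the validator is an allowlist rather than a blocklist of known-bad characters, which is what keeps it robust when a new metacharacter or encoding trick turns up.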
