CISA Warns of Actively Exploited Fortinet and Ivanti Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of their active exploitation by threat actors: one in Fortinet products and two in Ivanti's Cloud Services Appliance (CSA). All three affect edge and management appliances, the kind of system that poses a significant risk to federal networks when left unpatched or exposed.
The Fortinet vulnerability, identified as CVE-2024-23113 (CVSS score: 9.8), is a format string bug (CWE-134) in the fgfmd daemon, the service that handles FortiManager communication. It affects FortiOS, FortiPAM, FortiProxy, and FortiWeb, and allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests. Besides upgrading, Fortinet's published workaround is to remove fgfm from the allowed access list of every interface that does not need it, which also shrinks the attack surface for future bugs in the same daemon.
The Ivanti vulnerability, tracked as CVE-2024-9379 (CVSS score: 6.5), allows a remote attacker with administrator privileges to execute arbitrary SQL queries through the Ivanti CSA admin web console. Simultaneously, CVE-2024-9380 (CVSS score: 7.2) in the same product is an OS command injection in that admin web console, enabling a remote authenticated attacker with admin privileges to execute code on the vulnerable appliance. The administrator-privilege requirement offers less protection than the scores suggest: Ivanti has reported these flaws being chained with CVE-2024-8963, a path traversal already in the KEV catalog, which gives an attacker a route to the admin console in the first place.
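The two Ivanti bugs are the same root cause in two interpreters: untrusted console input concatenated into a string that is then parsed as SQL or by a shell. The following added example (not Ivanti's, Palo Alto's or Cisco's code; the table, function names, and inputs are constructed for the demo) shows each vulnerable pattern beside its hardened form. The same command-injection pattern is what the Expedition and NDFC advisories below describe.

```python
"""Untrusted input concatenated into an interpreted string, in the two forms
the Ivanti CSA advisories name: SQL injection and OS command injection.

Added illustration with a constructed schema and constructed inputs; it is
not code from any of the vendors discussed in the article.
"""
import re
import sqlite3
import subprocess


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for an appliance's user store."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, role TEXT)")
    con.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "operator"), ("carol", "auditor")],
    )
    return con


def find_user_vulnerable(con: sqlite3.Connection, name: str) -> list:
    # The console's search box is interpolated straight into the SQL text,
    # so a quote in the input ends the literal and the rest becomes SQL.
    return con.execute(
        f"SELECT name, role FROM users WHERE name = '{name}'"
    ).fetchall()


def find_user_safe(con: sqlite3.Connection, name: str) -> list:
    # Bound parameter: the driver passes the value separately from the
    # statement, so it can never change the query's structure.
    return con.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


# Allow-list for a hostname/IP target: letters, digits, dots and hyphens only.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")


def diag_vulnerable(target: str) -> str:
    # A "run diagnostic" console action built as one shell string; ';' in the
    # input terminates the intended command and starts an attacker-chosen one.
    return subprocess.run(
        f"echo probing {target}", shell=True, capture_output=True, text=True
    ).stdout


def diag_safe(target: str) -> str:
    # Validate against the allow-list, then pass argv directly with no shell
    # in between, so metacharacters are inert even if validation were skipped.
    if not HOSTNAME_RE.fullmatch(target):
        raise ValueError(f"rejected target: {target!r}")
    return subprocess.run(
        ["echo", "probing", target], capture_output=True, text=True
    ).stdout


if __name__ == "__main__":
    con = make_db()
    probe = "alice' OR '1'='1"          # constructed SQLi payload
    print("vulnerable SQL:", find_user_vulnerable(con, probe))  # every row
    print("safe SQL:     ", find_user_safe(con, probe))        # no rows
    cmd = "10.0.0.1; echo INJECTED"      # constructed command-injection payload
    print("vulnerable cmd:", repr(diag_vulnerable(cmd)))
    try:
        diag_safe(cmd)
    except ValueError as exc:
        print("safe cmd:      ", exc)
```

`diag_vulnerable` deliberately uses `echo` rather than a real diagnostic so the demonstration runs anywhere a POSIX shell exists; the injected `echo INJECTED` stands in for whatever an attacker would append. Note that the hardened version applies both defences: the allow-list rejects the input, and even an input that slipped past it would reach the program as a single argv element.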
Patches for all three vulnerabilities have already been issued by the affected vendors. Under Binding Operational Directive 22-01, U.S. federal agencies are required to remediate them in their systems by October 30, 2024; organizations outside the federal government can treat the same due date as a reasonable priority signal.
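The KEV catalog is published as a JSON feed, so the due date above can be tracked rather than read from a headline. The following added example (not CISA's code) cross-references a constructed asset inventory against a constructed, abbreviated KEV excerpt written in the public feed's field layout (`cveID`, `vendorProject`, `product`, `dateAdded`, `dueDate`) and reports what is due or overdue. The inventory, its `open_cves` lists, and the host names are assumptions for the demo; a real inventory would derive exposure from vendor advisories and installed versions.

```python
"""Cross-reference an asset inventory against a CISA KEV catalog export.

Added illustration, not CISA's or any vendor's code. KEV_JSON is a constructed
excerpt in the public feed's schema; the live feed is published at
https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
"""
import json
from datetime import date

# Constructed, abbreviated KEV excerpt with only the fields this script reads.
KEV_JSON = json.dumps({
    "catalogVersion": "constructed-example",
    "vulnerabilities": [
        {"cveID": "CVE-2024-23113", "vendorProject": "Fortinet",
         "product": "Multiple Products", "dateAdded": "2024-10-09",
         "dueDate": "2024-10-30"},
        {"cveID": "CVE-2024-9379", "vendorProject": "Ivanti",
         "product": "Cloud Services Appliance (CSA)", "dateAdded": "2024-10-09",
         "dueDate": "2024-10-30"},
        {"cveID": "CVE-2024-9380", "vendorProject": "Ivanti",
         "product": "Cloud Services Appliance (CSA)", "dateAdded": "2024-10-09",
         "dueDate": "2024-10-30"},
    ],
})

# Constructed inventory (hosts and open_cves are assumptions for the demo).
INVENTORY = [
    {"host": "fw-edge-01", "open_cves": ["CVE-2024-23113"]},
    {"host": "csa-prod", "open_cves": ["CVE-2024-9379", "CVE-2024-9380"]},
    {"host": "csa-lab", "open_cves": []},            # already patched
    {"host": "build-01", "open_cves": ["CVE-2024-0001"]},  # not in KEV
]


def load_kev(raw: str) -> dict:
    """Index a KEV catalog document by CVE ID."""
    data = json.loads(raw)
    return {v["cveID"]: v for v in data["vulnerabilities"]}


def kev_exposure(inventory: list, kev: dict, today: date) -> list:
    """Return one finding per (host, CVE) pair whose CVE is in the KEV catalog.

    Each finding carries the federal due date and the days remaining, which
    goes negative once the BOD 22-01 deadline has passed. CVEs absent from
    the catalog are ignored here; they still need normal patch handling.
    """
    findings = []
    for asset in inventory:
        for cve in asset["open_cves"]:
            entry = kev.get(cve)
            if entry is None:
                continue
            due = date.fromisoformat(entry["dueDate"])
            findings.append({
                "host": asset["host"],
                "cve": cve,
                "vendor": entry["vendorProject"],
                "due": due.isoformat(),
                "days_left": (due - today).days,
                "overdue": today > due,
            })
    # Most urgent first, then by host for a stable report.
    findings.sort(key=lambda f: (f["days_left"], f["host"]))
    return findings


if __name__ == "__main__":
    kev = load_kev(KEV_JSON)
    for f in kev_exposure(INVENTORY, kev, date.today()):
        status = "OVERDUE" if f["overdue"] else f"{f['days_left']}d left"
        print(f"{f['host']:<12} {f['cve']:<16} {f['vendor']:<10} "
              f"due {f['due']} ({status})")
```

Replacing `KEV_JSON` with the downloaded feed and `INVENTORY` with real scanner or CMDB output turns this into a nightly check; the `knownRansomwareCampaignUse` field in the live feed is a useful extra sort key.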
Meanwhile, Palo Alto Networks reported multiple vulnerabilities in its Expedition migration tool, fixed in Expedition 1.2.96, which allow attackers to access databases, device configurations, and other critical data, including firewall credentials and API keys. The most severe of these is CVE-2024-9463 (score: 9.9), an OS command injection enabling unauthenticated users to execute commands as root.
Another critical threat is CVE-2024-9464 (score: 9.3), a command injection with similar impact that requires authentication, slightly reducing its risk. Palo Alto credited the researchers who reported the issues and stated that there was no evidence of these vulnerabilities being exploited in real-world attacks at the time of publication.
Additionally, Cisco has addressed a critical vulnerability in the Nexus Dashboard Fabric Controller (NDFC), CVE-2024-20432 (score: 9.9), a command injection in its REST API and web UI that allowed an authenticated, low-privileged remote attacker to execute arbitrary commands with network-admin privileges. The flaw was resolved in NDFC version 12.2.2.
Experts recommend that users restrict access to the affected management surfaces (admin consoles, the fgfm service, Expedition and NDFC interfaces) so they are not reachable from the internet, and apply the vendor updates promptly to prevent potential attacks.