In today’s digital age, cybersecurity remains a paramount concern for businesses worldwide. As cyber threats evolve in complexity and sophistication, organizations must stay vigilant and proactive in securing their systems and data. Recently, leading technology companies Cisco, Fortinet, and VMware have released critical security updates to address vulnerabilities in their products, underscoring the ongoing need for robust cybersecurity measures.
Cisco’s Expressway Series Vulnerabilities:
Cisco has identified several vulnerabilities in its Expressway Series collaboration gateways, with two critical flaws, CVE-2024-20252 and CVE-2024-20254, posing significant risks. These vulnerabilities could lead to cross-site request forgery (CSRF) attacks, potentially allowing remote attackers to execute arbitrary actions on affected devices. If the affected user possesses administrative privileges, such actions may entail altering the system configuration and establishing additional privileged accounts.
Moreover, a third CSRF flaw, CVE-2024-20255, further exacerbates the situation by enabling attackers to overwrite system configuration settings, leading to denial-of-service (DoS) conditions. As per the advisory, CVE-2024-20252 is exploitable solely in gateways where the cluster database (CDB) API feature has been activated.
Meanwhile, CVE-2024-20254 and CVE-2024-20255 exclusively impact Cisco Expressway Series devices operating under the default configuration. While Cisco has released patches for these vulnerabilities, organizations must update their systems promptly to mitigate potential risks.
Cisco Expressway Series Release | First Fixed Release |
Earlier than 14.0 | Migrate to a fixed release. |
14.0 | 14.3.4 |
15.0 | 15.0.0 |
Fortinet’s FortiSIEM Vulnerabilities:
Fortinet has issued warnings regarding two new bypasses for a critical remote code execution vulnerability in FortiSIEM, its Security Information and Event Management (SIEM) solution. Tracked as CVE-2024-23108 and CVE-2024-23109, these vulnerabilities are variants of the original flaw (CVE-2023-34992) and can be exploited via specially crafted API requests. Despite initial confusion surrounding the release of these CVEs, Fortinet has clarified that they are indeed critical and advises users to upgrade to the latest FortiSIEM versions promptly.
While the initial vulnerability, CVE-2023-34992, was addressed in a previous release of FortiSIEM, the newly identified variations have been or will be remedied in the following versions:
- FortiSIEM version 7.1.2 or later
- FortiSIEM version 7.2.0 or later (upcoming)
- FortiSIEM version 7.0.3 or later (upcoming)
- FortiSIEM version 6.7.9 or later (upcoming)
- FortiSIEM version 6.6.5 or later (upcoming)
- FortiSIEM version 6.5.3 or later (upcoming)
- FortiSIEM version 6.4.4 or later (upcoming)
VMware’s Aria Operations for Networks Vulnerabilities:
VMware has identified several moderate-to-important severity vulnerabilities in Aria Operations for Networks (formerly vRealize Network Insight), posing risks such as local privilege escalation and cross-site scripting (XSS) attacks.
- CVE-2024-22237 (CVSS score: 7.8): A local privilege escalation vulnerability enabling a console user to attain standard root access.
- CVE-2024-22238 (CVSS score: 6.4): A cross-site scripting (XSS) vulnerability empowering a malevolent actor with administrative privileges to insert harmful code into user profile configurations.
- CVE-2024-22239 (CVSS score: 5.3): A local privilege escalation vulnerability enabling a console user to acquire standard shell access.
- CVE-2024-22240 (CVSS score: 4.9): A vulnerability in local file read allowing a malevolent actor with administrative privileges to retrieve sensitive information.
- CVE-2024-22241 (CVSS score: 4.3): A cross-site scripting (XSS) vulnerability enabling a malevolent actor with administrative privileges to inject malicious code and commandeer the user account.
VMware recommends users upgrade to version 6.12.0 to mitigate these risks effectively.
SanerNow Vulnerability Management, Risk Prioritization, and Patch Management detect and automatically fix vulnerabilities with risk-based remediation. With SanerNow, you can keep your systems updated and secure.