Black Arrow Cyber Advisory 10 March 2023 – Fortinet, Cisco and Veeam Vulnerabilities Roundup
Executive Summary
Fortinet have disclosed 15 security issues across a range of products including 5 “high” rated vulnerabilities and a “critical” vulnerability that allows an unauthenticated attacker to perform denial of service attacks or execute arbitrary code. Cisco has identified a “high vulnerability” with IOS XR software for the ASR 9000 Series routers. Veeam have disclosed a “high vulnerability” that allows an unauthenticated attacker to request encrypted credentials which may lead to gaining access to the backup infrastructure host.
What’s the risk to me or my business?
Successful exploitation of the Cisco vulnerability tracked as CVE-2023-20049 allows the attacker to cause line card exceptions or hard resets, which can lead to traffic loss and denial of service conditions.
The following models are vulnerable if they have Bidirectional Forwarding Detection (BFD) hardware offload enabled:
ASR 9000 Series Aggregation Services Routers only if they have a Lightspeed or Lightspeed-Plus-based line card installed.
ASR 9902 Compact High-Performance Routers
ASR 9903 Compact High-Performance Routers
Successful exploitation of the critical Fortinet vulnerability tracked as CVE-2023-25610 allows an unauthenticated attacker to execute arbitrary code or cause denial of service (DoS) conditions in an administrative interface.
The following devices are vulnerable to both the RCE and DoS:
FortiOS version 7.2.0 through 7.2.3
FortiOS version 7.0.0 through 7.0.9
FortiOS version 6.4.0 through 6.4.11
FortiOS version 6.2.0 through 6.2.12
FortiOS 6.0 all versions
FortiProxy version 7.2.0 through 7.2.2
FortiProxy version 7.0.0 through 7.0.8
FortiProxy version 2.0.0 through 2.0.12
FortiProxy 1.2 all versions
FortiProxy 1.1 all versions
A full list of vulnerable hardware devices that are impacted by the Denial of Service can be found on the FortiGuard website.
A successful exploitation of the high Veeam vulnerability tracked as CVE-2023-27532 can allow an unauthenticated attacker to request encrypted credentials which may lead to the attacker gaining access to the backup infrastructure of the host.
This vulnerability affects all Veeam Backup & Replication versions but is resolved in the following:
12 (build 12.0.0.1420 P20230223)
11a (build 11.0.1.1261 P20230227)
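To check an asset inventory against the version lists above, the following added example (not code from Black Arrow, Fortinet or Veeam) classifies each host as affected, resolved or not listed. The hostnames and sample versions are constructed, and "not listed" only means this advisory does not name that version, not that it is free of other issues.

```python
import re

# Affected ranges from the advisory: (product, branch) -> highest affected patch,
# or None where the advisory says "all versions" of that branch.
FORTINET_AFFECTED = {
    ("fortios", (7, 2)): 3, ("fortios", (7, 0)): 9, ("fortios", (6, 4)): 11,
    ("fortios", (6, 2)): 12, ("fortios", (6, 0)): None,
    ("fortiproxy", (7, 2)): 2, ("fortiproxy", (7, 0)): 8, ("fortiproxy", (2, 0)): 12,
    ("fortiproxy", (1, 2)): None, ("fortiproxy", (1, 1)): None,
}
# Veeam builds the advisory lists as resolved, keyed by major version.
VEEAM_FIXED = {12: (12, 0, 0, 1420), 11: (11, 0, 1, 1261)}

def parse_version(text):
    """Turn '7.2.3' or '11.0.1.1261 P20230227' into a tuple of ints."""
    match = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))

def assess(product, version):
    """Return 'affected', 'resolved' or 'not listed' for one asset."""
    product, v = product.strip().lower(), parse_version(version)
    if product in ("fortios", "fortiproxy"):
        v += (0,) * (3 - len(v))  # treat '7.2' as 7.2.0
        if (product, v[:2]) not in FORTINET_AFFECTED:
            return "not listed"
        top = FORTINET_AFFECTED[(product, v[:2])]
        return "affected" if top is None or v[2] <= top else "not listed"
    if product == "veeam" and v[0] <= max(VEEAM_FIXED):
        fixed = VEEAM_FIXED.get(v[0])
        # Branches older than 11 have no resolved build listed: always affected.
        return "resolved" if fixed and v >= fixed else "affected"
    return "not listed"

# Constructed sample inventory (host,product,version); not real assets.
SAMPLE_INVENTORY = """\
fw-edge-01,FortiOS,7.2.3
fw-branch-07,FortiOS,7.2.4
fw-legacy-02,FortiOS,6.0.16
backup-01,Veeam,11.0.1.1261 P20230227
backup-02,Veeam,12.0.0.1402
"""

def triage(inventory_text):
    rows = (line.split(",", 2) for line in inventory_text.strip().splitlines())
    return {host.strip(): assess(product, version) for host, product, version in rows}

print(triage(SAMPLE_INVENTORY))
```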
What can I do?
Cisco has released software updates that address the vulnerability and should be installed. Alternatively, a workaround has been provided, which is to disable all BFD hardware offload features. This can be done by removing all hw-module bfd-hw-offload enable commands and resetting the card.
Fortinet has provided solutions to each of the vulnerabilities it has disclosed, and it is recommended that the patches released for the vulnerabilities are installed.
Veeam has released a patch, which should be installed; however, Veeam suggests that if you are using an earlier version, you upgrade to the current supported version first. Alternatively, if you are using an all-in-one Veeam appliance with no backup infrastructure components, external connections to TCP port 9401 should be filtered until the patch is installed.
Further information on the vulnerabilities can be found here:
Cisco IOS XR software update - https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#ssu
Cisco IOS XR Software Security Advisory - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bfd-XmRescbT
Fortinet CVE-2023-25610 advisory and solution - https://www.fortiguard.com/psirt/FG-IR-23-001
FortiGuard vulnerability advisory - https://www.fortiguard.com/psirt-monthly-advisory/march-2023-vulnerability-advisories
Veeam advisory - https://www.veeam.com/kb4424
Veeam Solution - https://www.veeam.com/product-lifecycle.html?ad=in-text-link