Threat Intelligence Blog
Contact us to discuss any insights from our Blog, and how we can support you in a tailored threat intelligence report.
Black Arrow Cyber Advisory 09 February 2024 – Cisco, Fortinet, Ivanti and VMware Security Updates
Black Arrow Cyber Advisory 09 February 2024 – Cisco, Fortinet, Ivanti and VMware Security Updates
Executive Summary
Cisco, Fortinet, Ivanti and VMware have addressed multiple vulnerabilities across their product range. All of the vendors have a security patch available to address the vulnerabilities and due to the active exploitation of some of the vulnerabilities, it is recommended to apply them immediately.
Cisco
Cisco have released security updates for three flaws affecting the Cisco Expressway Series that could allow an unauthenticated remote attacker to conduct cross-site request forgery attacks. Two of the flaws are rated critical (CVE-2024-20252 and CVE-2024-20254) and can be exploited in the impacted devices default configuration, however the third flaw (CVE-2024-20255) can only be exploited if the cluster database API feature has been enabled, which is disabled by default.
Cisco have released patches for the affected products and are available in Cisco Expressway Series Release versions 14.3.4 and 15.0.0.
Fortinet
Fortinet have released a second round of updates addressing two previously disclosed critical flaws in the FortiSIEM supervisor. The two flaws (CVE-2024-23108 and CVE-02024-23109) allows a remote unauthenticated attacker to perform arbitrary code execution.
Impacted products are:
FortiSIEM version 7.1.0 through 7.1.1 fixed in 7.1.2
FortiSIEM version 7.0.0 through 7.0.2 fixed in 7.0.3
FortiSIEM version 6.7.0 through 6.7.8 fixed in 6.7.9
FortiSIEM version 6.6.0 through 6.6.3 fixed in 6.6.5
FortiSIEM version 6.5.0 through 6.5.2 fixed in 6.5.3
FortiSIEM version 6.4.0 through 6.4.2 fixed in 6.4.4
Ivanti
Another critical security patch has been released by Ivanti for their Connect Secure product, Policy Secure and ZTA gateways. The flaw (CVE-2024-22024) allows remote attackers to gain access to restricted resources without requiring user interaction or authentication. While Ivanti have stated that this vulnerability is not currently being actively exploited they urge affected users to patch immediately.
To mitigate the risks, it is recommended that all users of the impacted devices running version 6.x upgrade to version 6.12.0.
VMware
VMware have warned of five vulnerabilities in the Aria Operations for Networks. The vulnerabilities encompass a range of issues, including local privilege escalation, cross-site scripting and local file read (requires admin privileges).
To mitigate the risks, it is recommended that all users of the impacted devices running version 6.x upgrade to version 6.12.0
Further Information
Cisco
Further details on the Cisco vulnerabilities can be found here:
Fortinet
Further details on the Fortinet vulnerabilities can be found here:
https://www.fortiguard.com/psirt/FG-IR-23-130
Ivanti
Further details on the Ivanti vulnerabilities can be found here:
VMware
Further details on the VMware vulnerabilities can be found here:
https://kb.vmware.com/s/article/96450
Need help understanding your gaps, or just want some advice? Get in touch with us.
#threatadvisory #threatintelligence #cybersecurity