Multiple security flaws, including significant vulnerabilities that might be exploited to carry out arbitrary operations on impacted devices, have been patched by Cisco, Fortinet, and VMware. These security solutions have been issued.
CVE-2024-20252, CVE-2024-20254 (CVSS score: 9.6), and CVE-2024-20255 (CVSS score: 8.2) are the three vulnerabilities that are included in the first set of vulnerabilities that Cisco has released. These vulnerabilities affect the Cisco Expressway Series and have the potential to enable cross-site request forgery (CSRF) attacks to be carried out by an unauthenticated remote attacker.
An insufficient amount of cross-site request forgery (CSRF) safeguards for the web-based administration interface is the root cause of all of the problems that were discovered during the internal security testing. These protections could allow an attacker to carry out arbitrary operations with the privilege level of the user who was affected.
“These actions could include modifying the system configuration and creating new privileged accounts,” Cisco warned in reference to CVE-2024-20252 and CVE-2024-20254. “If the affected user has administrative privileges,” Cisco said.
The successful exploitation of CVE-2024-20255, which targets a user with administrator privileges, could, on the other hand, make it possible for the threat actor to overwrite the configuration settings of the system, which would result in a denial-of-service (DoS) issue.
The fact that the first two sets of vulnerabilities affect Cisco Expressway Series devices in their default configuration is one of the most important distinctions between them. CVE-2024-20252, on the other hand, only affects these devices if the cluster database application programming interface (API) functionality has been enabled. It has been turned off by default.
The Cisco Expressway Series Release versions 14.3.4 and 15.0.0 both include patches that can be applied to address the vulnerabilities present.
According to Horizon3.ai researcher Zach Hanley, Fortinet has released a second wave of updates to address what are bypasses for a previously disclosed major hole (CVE-2023-34992, CVSS score: 9.7) in FortiSIEM supervisor. This exploit might result in the execution of arbitrary code. Fortinet has provided these updates in order to resolve the issue.
The vulnerabilities, which have been assigned the identifiers CVE-2024-23108 and CVE-2024-23109 and have received a CVSS score of 9.8, “may allow a remote unauthenticated attacker to execute unauthorized commands via crafted API requests.”
It is important to note that Fortinet closed up CVE-2023-36553 in November 2023, which was another variant of CVE-2023-34992. The CVSS score for this vulnerability was 9.3. In the following versions, the two newly discovered vulnerabilities have been corrected or will be fixed:
A version of FortiSIEM that is 7.1.2 or higher
A version of FortiSIEM that is 7.2.0 or higher is forthcoming.
A version of FortiSIEM that is 7.0.3 or higher is forthcoming.
Updates to FortiSIEM versions 6.7.9 and above are on the way.
Upcoming versions of FortiSIEM are version 6.6.5 and higher.
FortiSIEM versions 6.5.3 and higher are scheduled to be released in the near future, as is FortiSIEM version 6.4.4 and higher.
Aria Operations for Networks, formerly known as vRealize Network Insight, has been found to have five weaknesses that range from moderate to important severity, according to VMware, which has issued a warning about the issue. -!
The vulnerability known as CVE-2024-22237, which has a CVSS score of 7.8, is a local privilege escalation vulnerability that facilitates regular root access for a console user.
(CVSS score: 6.4) CVE-2024-22238 security flaw – A vulnerability known as cross-site scripting (XSS) that makes it possible for a hostile actor with administrative rights to insert malicious code into user profile configurations
(CVSS score: 5.3) CVE-2024-22239 security flaw – A vulnerability that allows a console user to get regular shell access and is a local privilege escalation vulnerability
This vulnerability has a CVSS score of 4.9. A vulnerability that permits a hostile actor with administrative privileges to access sensitive information is a local file read vulnerability.
(CVSS score: 4.3) CVE-2024-22241 Security flaw a vulnerability known as cross-site scripting (XSS) that makes it possible for a malicious actor acting with administrative rights to insert malicious code and seize control of the user account
For the purpose of mitigating the risks, it is suggested that all users of VMware Aria Operations for Networks version 6.x upgrade to version 6.12.0.
In light of the fact that vulnerabilities in Cisco, Fortinet, and VMware have been exploited in the past, patching is an essential and essential first step that enterprises need to do in order to address the weaknesses.