Critical patches released for new flaws in Cisco, Fortinet and VMware products | Top Vip News


February 8, 2024 | Newsroom | Cyber Threat / Network Security


Cisco, Fortinet, and VMware have released fixes for multiple vulnerabilities, including critical weaknesses that could be exploited to perform arbitrary actions on affected devices.

Cisco’s advisory covers three flaws: CVE-2024-20252 and CVE-2024-20254 (CVSS score: 9.6) and CVE-2024-20255 (CVSS score: 8.2), which affect the Cisco Expressway Series and could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks.

All of the issues, which were found during internal security testing, stem from insufficient CSRF protections for the web-based management interface that could allow an attacker to perform arbitrary actions with the affected user’s privilege level.

“If the affected user has administrative privileges, these actions could include modifying system settings and creating new privileged accounts,” Cisco said of CVE-2024-20252 and CVE-2024-20254.

On the other hand, successful exploitation of CVE-2024-20255 targeting a user with administrative privileges could allow the threat actor to overwrite system configuration settings, resulting in a denial of service (DoS) condition.


Another crucial difference between the flaws is that, while CVE-2024-20254 and CVE-2024-20255 affect Cisco Expressway Series devices in the default configuration, CVE-2024-20252 affects them only if the cluster database (CDB) API feature has been enabled. That feature is disabled by default.

Patches for the vulnerabilities are available in versions 14.3.4 and 15.0.0 of the Cisco Expressway series.
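The Cisco flaws above are all the same class of bug: a state-changing endpoint of a web management interface that trusts the session cookie alone, so a page on an attacker's site can make a logged-in administrator's browser submit the request. The following is an added, hypothetical illustration of that class and of the standard fix (an origin check plus a per-session synchronizer token); it is not Cisco's code, and the hostname, session store and account store are constructed for the example.

```python
"""Added illustration (hypothetical, not Cisco's code): a state-changing endpoint
of a web management interface, first with insufficient CSRF protection, then
hardened with an origin check and a per-session synchronizer token."""
import hmac
from dataclasses import dataclass
from urllib.parse import urlsplit

# Origin of the management interface (assumed name for illustration).
MANAGEMENT_ORIGIN = "https://expressway.example.internal"

# Constructed session store: session cookie value -> session data.
# The synchronizer token would be generated per session at login; hard-coded here.
SESSIONS = {
    "sess-admin-1": {"user": "admin", "role": "administrator", "csrf": "tok-8f3a9c"},
}
# Constructed "system configuration": account name -> privilege level.
ACCOUNTS = {"admin": "administrator"}


@dataclass
class Request:
    method: str
    headers: dict
    cookies: dict
    form: dict


def session_for(req):
    """Look up the session by cookie. The browser attaches this cookie to
    cross-site requests too, which is exactly what CSRF abuses."""
    return SESSIONS.get(req.cookies.get("session"))


def same_origin(req):
    """True only if the Origin header (or, failing that, Referer) carries exactly
    the management interface's scheme and host. A prefix test such as
    src.startswith(MANAGEMENT_ORIGIN) would accept
    https://expressway.example.internal.attacker.example, so parse instead."""
    src = req.headers.get("Origin") or req.headers.get("Referer")
    if not src:
        return False  # a state-changing request with neither header is refused
    parts = urlsplit(src)
    return f"{parts.scheme}://{parts.netloc}" == MANAGEMENT_ORIGIN


def create_account_vulnerable(req, accounts):
    """Vulnerable handler: authenticates and authorizes on the cookie alone.
    A forged cross-site POST carries the victim's cookie, so it succeeds."""
    sess = session_for(req)
    if req.method != "POST" or sess is None or sess["role"] != "administrator":
        return 403, "forbidden"
    accounts[req.form["username"]] = req.form["role"]
    return 200, "created"


def create_account_hardened(req, accounts):
    """Hardened handler: the same checks, plus the origin check and a per-session
    synchronizer token that an attacker's page cannot read."""
    sess = session_for(req)
    if req.method != "POST" or sess is None or sess["role"] != "administrator":
        return 403, "forbidden"
    if not same_origin(req):
        return 403, "cross-origin request rejected"
    if not hmac.compare_digest(req.form.get("csrf_token", ""), sess["csrf"]):
        return 403, "missing or invalid CSRF token"
    accounts[req.form["username"]] = req.form["role"]
    return 200, "created"


def forged_request():
    """What an attacker-controlled page can make a logged-in admin's browser send:
    the browser adds the session cookie and the attacker's Origin; the attacker
    does not know the session's CSRF token."""
    return Request("POST", {"Origin": "https://attacker.example"},
                   {"session": "sess-admin-1"},
                   {"username": "backdoor", "role": "administrator"})


def legitimate_request():
    """The same action submitted from the interface's own page."""
    return Request("POST", {"Origin": MANAGEMENT_ORIGIN},
                   {"session": "sess-admin-1"},
                   {"username": "ops2", "role": "administrator",
                    "csrf_token": "tok-8f3a9c"})


def demo():
    """Run the forged request against both handlers and the legitimate request
    against the hardened handler; return status codes and resulting accounts."""
    vuln, hard = dict(ACCOUNTS), dict(ACCOUNTS)
    return {
        "forged_vs_vulnerable": create_account_vulnerable(forged_request(), vuln)[0],
        "forged_vs_hardened": create_account_hardened(forged_request(), hard)[0],
        "legit_vs_hardened": create_account_hardened(legitimate_request(), hard)[0],
        "vulnerable_accounts": sorted(vuln),
        "hardened_accounts": sorted(hard),
    }


if __name__ == "__main__":
    print(demo())
```

Against the vulnerable handler the forged request returns 200 and a new privileged account appears, which is the outcome Cisco describes; against the hardened handler it returns 403 while the legitimate submission still succeeds. The Referer fallback is weaker than Origin (it can be suppressed by referrer policy), which is why a request with neither header is refused rather than allowed; setting the session cookie with SameSite=Lax or Strict adds a further, browser-enforced layer.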

Fortinet, for its part, has released a second round of updates to address what are bypasses of a previously disclosed critical flaw (CVE-2023-34992, CVSS score: 9.7) in the FortiSIEM supervisor that could result in arbitrary code execution, according to Horizon3.ai researcher Zach Hanley.

Tracked as CVE-2024-23108 and CVE-2024-23109 (CVSS scores: 9.8), the flaws “may allow an unauthenticated, remote attacker to execute unauthorized commands via crafted API requests.”

It’s worth noting that Fortinet resolved another variant of CVE-2023-34992 by patching CVE-2023-36553 (CVSS score: 9.3) in November 2023. The two new vulnerabilities are fixed, or are expected to be fixed, in the following releases:

  • FortiSIEM version 7.1.2 or higher
  • FortiSIEM version 7.2.0 or higher (coming soon)
  • FortiSIEM version 7.0.3 or higher (coming soon)
  • FortiSIEM version 6.7.9 or higher (coming soon)
  • FortiSIEM version 6.6.5 or higher (coming soon)
  • FortiSIEM version 6.5.3 or higher (coming soon), and
  • FortiSIEM version 6.4.4 or higher (coming soon)

Completing the trifecta is VMware, which has warned of five flaws of moderate to important severity in Aria Operations for Networks (formerly vRealize Network Insight) –

  • CVE-2024-22237 (CVSS score: 7.8): Local privilege escalation vulnerability allowing a console user to gain regular root access
  • CVE-2024-22238 (CVSS score: 6.4): Cross-site scripting (XSS) vulnerability allows a malicious actor with administrator privileges to inject malicious code into user profile configurations.
  • CVE-2024-22239 (CVSS score: 5.3): Local privilege escalation vulnerability allowing a console user to gain regular shell access
  • CVE-2024-22240 (CVSS score: 4.9): Local file read vulnerability allows a malicious actor with administrator privileges to access sensitive information
  • CVE-2024-22241 (CVSS score: 4.3): Cross-site scripting (XSS) vulnerability allows a malicious actor with administrator privileges to inject malicious code and take over the user’s account.

To mitigate the risks, all users of VMware Aria Operations for Networks version 6.x are recommended to upgrade to version 6.12.0.

Given that flaws in Cisco, Fortinet, and VMware products have a history of being exploited in the wild, patching is a necessary and crucial first step organizations should take to address these weaknesses.
