Thursday , April 24 2025

CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Patches

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Fortinet products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

The vulnerability, tracked as CVE-2024-23113 (CVSS score: 9.8), relates to cases of remote code execution that affects FortiOS, FortiPAM, FortiProxy, and FortiWeb.

SonicWall patched SSLVPN Vuln Allowing Firewall Crashing

SonicWall has revealed a vulnerability in its SonicOS SSLVPN Virtual Office interface that could let remote attackers crash firewall appliances....
Read More
SonicWall patched SSLVPN Vuln Allowing Firewall Crashing

GitLab Releases Security Update For Multiple Vulns

GitLab has announced a security advisory urging users to upgrade their self-managed installations right away. Versions 17.11.1, 17.10.5, and 17.9.7...
Read More
GitLab Releases Security Update For Multiple Vulns

ISPAB president “whatsapp” got hacked via phishing link

Imdadul Haque, the president of Internet Service Provider of Bangladesh (ISPAB) said, I automatically got back my WhatsApp account. What...
Read More
ISPAB president “whatsapp” got hacked via phishing link

Zyxel released patches 2 vulns in its USG FLEX H series firewalls

Zyxel Networks has issued critical security patches for two high-severity vulnerabilities in its USG FLEX H series firewalls. These flaws...
Read More
Zyxel released patches 2 vulns in its USG FLEX H series firewalls

South Korea’s largest SK Telecom Hit by Malware: SIM-related info leaked

South Korea's largest mobile operator, SK Telecom, is warning that a malware infection allowed threat actors to access sensitive USIM-related...
Read More
South Korea’s largest SK Telecom Hit by Malware: SIM-related info leaked

ChatGPT Develops Exploit for CVEs Before Public PoCs Share

Security researcher Matt Keeley showed that artificial intelligence can now develop working exploits for critical vulnerabilities before public proof-of-concept (PoC)...
Read More
ChatGPT Develops Exploit for CVEs Before Public PoCs Share

TP-Link Router Vulns Allow to Execute Malicious SQL Commands

Several vulnerabilities have been found in TP-Link routers, exposing users to serious security risks from SQL injection flaws in their...
Read More
TP-Link Router Vulns Allow to Execute Malicious SQL Commands

SSL.com’s domain validation system’s bug found: Hacker exploited

SSL.com has revealed a major security flaw in its domain validation system, which could enable attackers to acquire fake SSL...
Read More
SSL.com’s domain validation system’s bug found: Hacker exploited

Amazon Follows Microsoft’s Lead, Halts Some Data Center Deals

Amazon has paused some data center lease negotiations for its cloud division, particularly in international markets, according to Wells Fargo...
Read More
Amazon Follows Microsoft’s Lead, Halts Some Data Center Deals

Hackers Exploit Zoom’s Remote Control Feature for System Access

ELUSIVE COMET is a threat actor conducting a sophisticated attack campaign that uses Zoom's remote control feature to access victims'...
Read More
Hackers Exploit Zoom’s Remote Control Feature for System Access

“A use of externally-controlled format string vulnerability [CWE-134] in FortiOS fgfmd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests,” Fortinet noted in an advisory for the flaw back in February 2024.

As is typically the case, the bulletin is sparse on details related to how the shortcoming is being exploited in the wild, or who is weaponizing it and against whom.

In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies are mandated to apply the vendor-provided mitigations by October 30, 2024, for optimum protection.

Palo Alto Networks Discloses Critical Bugs in Expedition#
The development comes as Palo Alto Networks disclosed multiple security flaws in Expedition that could allow an attacker to read database contents and arbitrary files, in addition to writing arbitrary files to temporary storage locations on the system.

“Combined, these include information such as usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls,” Palo Alto Networks said in a Wednesday alert.

Fortinet Flaw:
The vulnerabilities, which affect all versions of Expedition prior to 1.2.96, are listed below –

CVE-2024-9463 (CVSS score: 9.9) – An operating system (OS) command injection vulnerability that allows an unauthenticated attacker to run arbitrary OS commands as root

CVE-2024-9464 (CVSS score: 9.3) – An OS command injection vulnerability that allows an authenticated attacker to run arbitrary OS commands as root

CVE-2024-9465 (CVSS score: 9.2) – An SQL injection vulnerability that allows an unauthenticated attacker to reveal Expedition database contents

CVE-2024-9466 (CVSS score: 8.2) – A cleartext storage of sensitive information vulnerability that allows an authenticated attacker to reveal firewall usernames, passwords, and API keys generated using those credentials

CVE-2024-9467 (CVSS score: 7.0) – A reflected cross-site scripting (XSS) vulnerability that enables execution of malicious JavaScript in the context of an authenticated Expedition user’s browser if that user clicks on a malicious link, allowing phishing attacks that could lead to Expedition browser session theft

The company credited Zach Hanley of Horizon3.ai for discovering and reporting CVE-2024-9464, CVE-2024-9465, and CVE-2024-9466, and Enrique Castillo of Palo Alto Networks for CVE-2024-9463, CVE-2024-9464, CVE-2024-9465, and CVE-2024-9467.

There is no evidence that the issues have ever been exploited in the wild, although it said steps to reproduce the problem are already in the public domain, courtesy of Horizon3.ai.

There are approximately 23 Expedition servers exposed to the internet, most of which are located in the U.S., Belgium, Germany, the Netherlands, and Australia. As mitigations, it’s recommended to limit access to authorized users, hosts, or networks, and shut down the software when not in active use.

Cisco Fixes Nexus Dashboard Fabric Controller Flaw:

Last week, Cisco also released patches to remediate a critical command execution flaw in Nexus Dashboard Fabric Controller (NDFC) that it said stems from an improper user authorization and insufficient validation of command arguments.

Tracked as CVE-2024-20432 (CVSS score: 9.9), it could permit an authenticated, low-privileged, remote attacker to perform a command injection attack against an affected device. The flaw has been addressed in NDFC version 12.2.2. It’s worth noting that versions 11.5 and earlier are not susceptible.

“An attacker could exploit this vulnerability by submitting crafted commands to an affected REST API endpoint or through the web UI,” it said. “A successful exploit could allow the attacker to execute arbitrary commands on the CLI of a Cisco NDFC-managed device with network-admin privileges.”

Check Also

SQL

TP-Link Router Vulns Allow to Execute Malicious SQL Commands

Several vulnerabilities have been found in TP-Link routers, exposing users to serious security risks from …

Leave a Reply

Your email address will not be published. Required fields are marked *