Tuesday , January 28 2025
switch

CISA Warns
Network switch RCE flaw impacts critical infrastructure

CISA warns of two serious vulnerabilities in Optigo Networks ONS-S8 Aggregation Switches, which could allow authentication bypass and remote code execution in critical infrastructure.

The flaws involve weak authentication, allowing users to bypass password requirements, and issues with validating user input, which could lead to remote code execution, arbitrary file uploads, and directory traversal.

GitHub Desktop Vuln Credential Leaks via Malicious Remote URLs

Multiple security vulnerabilities have been found in GitHub Desktop and other Git projects. If exploited, these could allow attackers to...
Read More
GitHub Desktop Vuln Credential Leaks via Malicious Remote URLs

Burp Suite 2025.1 released: Featuring Intruder Capabilities & Bug Fixes

PortSwigger has launched Burp Suite 2025.1, adding new features and improvements to enhance usability and efficiency for penetration testers. This...
Read More
Burp Suite 2025.1 released: Featuring Intruder Capabilities & Bug Fixes

UnitedHealth confirms 190 million impacted by 2024 data breach

UnitedHealth confirmed that the ransomware attack on its Change Healthcare unit last February impacted about 190 million Americans, nearly double...
Read More
UnitedHealth confirms 190 million impacted by 2024 data breach

Registration Open For BCS CTF 2025

So, to test your cyber security skill, here is another chance to do that. Bangladesh computer society (BCS) is going...
Read More
Registration Open For BCS CTF 2025

New Ransomware Tactics Target VMware ESXi Via SSH Tunneling

Sygnia's recent report highlights the changing strategies of ransomware groups targeting VMware ESXi appliances. These attackers exploit vital virtual infrastructure...
Read More
New Ransomware Tactics Target VMware ESXi Via SSH Tunneling

Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass

An exhaustive evaluation of three firewall models from Palo Alto Networks has uncovered a host of known security flaws impacting...
Read More
Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass

CISA Releases 6 ICS Advisories Detailing Security Issues

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released 6 advisories for Industrial Control Systems (ICS), highlighting vulnerabilities in various...
Read More
CISA Releases 6 ICS Advisories Detailing Security Issues

Account Credentials for Security Vendors Found on Dark Web: Cyble Report

# "While many leaked security credentials belong to customers, some exposed sensitive accounts suggest that security vendors too have been...
Read More
Account Credentials for Security Vendors Found on Dark Web: Cyble Report

Four Critical Ivanti CSA Vulnerabilities Exploited: CISA , FBI warns

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory...
Read More
Four Critical Ivanti CSA Vulnerabilities Exploited: CISA , FBI warns

GitLab Releases Patch (CVE-2025-0314) for XSS Exploit

GitLab has released update for high severity cross-site scripting (XSS) flaw. Versions 17.8.1, 17.7.3, and 17.6.4 for both Community Edition...
Read More
GitLab Releases Patch  (CVE-2025-0314) for XSS Exploit

The device is used in critical infrastructure and manufacturing worldwide. Since the flaws can be exploited remotely and are easy to attack, the risk is very high. No fixes are currently available, so users should follow the mitigations suggested by the Canadian vendor.

The first issue, CVE-2024-41925, is a PHP Remote File Inclusion (RFI) vulnerability caused by improper validation of user-provided file paths.

An attacker could exploit this vulnerability to access directories, bypass authentication, and run remote code.

CVE-2024-45367 is a weak authentication issue caused by inadequate password verification in the authentication process.

An attacker can misuse this to gain unauthorized access to the switches’ management interface, change settings, access sensitive information, or move to other parts of the network.

Claroty Team82 identified two critical vulnerabilities rated 9.3 on the CVSS v4 scale. These affect all versions of the ONS-S8 Spectra Aggregation Switch up to 1.3.7.

Securing the switches:

While CISA has not seen signs of these flaws being actively exploited, system administrators are recommended to perform the following actions to mitigate the flaws:

Separate ONS-S8 management traffic into its own VLAN to limit exposure to normal network traffic.

Connect to OneView using a dedicated NIC on the BMS computer for secure access to the OT network.

Set up the router’s firewall to allow only specific devices, ensuring that OneView can be accessed only by authorized systems and blocking any unauthorized access.

Use a secure VPN for OneView connections to ensure encrypted communication and protect against interception.

Follow CISA’s cybersecurity guidance by conducting risk assessments, using layered security, and following ICS security best practices.

CISA advises organizations seeing suspicious activity on devices to follow their breach protocols and report the incident to the cybersecurity agency for tracking and correlation with other incidents.

Check Also

zero day day

Delay patching leaves about 50,000 Fortinet firewalls to zero-day attack

Fortinet customers must apply the latest updates, as almost 50,000 management interfaces remain vulnerable to …

Leave a Reply

Your email address will not be published. Required fields are marked *