InfoSecBulletin Cybersecurity for mankind
CISA warns of two serious vulnerabilities in Optigo Networks ONS-S8 Aggregation Switches, which could allow authentication bypass and remote code execution in critical infrastructure.
The flaws involve weak authentication, allowing users to bypass password requirements, and issues with validating user input, which could lead to remote code execution, arbitrary file uploads, and directory traversal.
Authority Denies
Hacker claim ransomware attack on Indonesia’s state bank BRI
London-based company “Builder.ai” reportedly exposed 1.2 TB data
(CVE-2024-12727, CVE-2024-12728, CVE-2024-12729)
Sophos resolved 3 critical vulnerabilities in Firewall
“Workshop on Cybersecurity Awareness and Needs Analysis” held at BBTA
CVE-2023-48788
Kaspersky reveals active exploitation of Fortinet Vulnerability
U.S. Weighs Ban on Chinese-Made Router TP-Link: WSJ reports
Daily Security Update Dated: 18.12.2024
CISA released best practices to secure Microsoft 365 Cloud environments
Data breach! Ireland fines Meta $264 million, Australia $50m
Over 25K SonicWall VPN Firewalls exposed to critical flaws
The device is used in critical infrastructure and manufacturing worldwide. Since the flaws can be exploited remotely and are easy to attack, the risk is very high. No fixes are currently available, so users should follow the mitigations suggested by the Canadian vendor.
The first issue, CVE-2024-41925, is a PHP Remote File Inclusion (RFI) vulnerability caused by improper validation of user-provided file paths.
An attacker could exploit this vulnerability to access directories, bypass authentication, and run remote code.
CVE-2024-45367 is a weak authentication issue caused by inadequate password verification in the authentication process.
An attacker can misuse this to gain unauthorized access to the switches’ management interface, change settings, access sensitive information, or move to other parts of the network.
Claroty Team82 identified two critical vulnerabilities rated 9.3 on the CVSS v4 scale. These affect all versions of the ONS-S8 Spectra Aggregation Switch up to 1.3.7.
Securing the switches:
While CISA has not seen signs of these flaws being actively exploited, system administrators are recommended to perform the following actions to mitigate the flaws:
Separate ONS-S8 management traffic into its own VLAN to limit exposure to normal network traffic.
Connect to OneView using a dedicated NIC on the BMS computer for secure access to the OT network.
Set up the router’s firewall to allow only specific devices, ensuring that OneView can be accessed only by authorized systems and blocking any unauthorized access.
Use a secure VPN for OneView connections to ensure encrypted communication and protect against interception.
Follow CISA’s cybersecurity guidance by conducting risk assessments, using layered security, and following ICS security best practices.
CISA advises organizations seeing suspicious activity on devices to follow their breach protocols and report the incident to the cybersecurity agency for tracking and correlation with other incidents.
