Tuesday , January 21 2025
switch

CISA Warns
Network switch RCE flaw impacts critical infrastructure

CISA warns of two serious vulnerabilities in Optigo Networks ONS-S8 Aggregation Switches, which could allow authentication bypass and remote code execution in critical infrastructure.

The flaws involve weak authentication, allowing users to bypass password requirements, and issues with validating user input, which could lead to remote code execution, arbitrary file uploads, and directory traversal.

Multiple Azure DevOps Vulns Allow To Inject CRLF Queries & Rebind DNS

Security researchers have found several vulnerabilities in Azure DevOps that could enable attackers to inject CRLF queries and carry out...
Read More
Multiple Azure DevOps Vulns Allow To Inject CRLF Queries & Rebind DNS

Intel holds 22 employees from one Bangladeshi University

Intel Corporation is a leading semiconductor chip manufacturer, employing at least 22 graduates from the Department of Applied Chemistry and...
Read More
Intel holds 22 employees from one Bangladeshi University

VPN Surge 1500% in USA after TikTok Shut Down

vpnMentor’s Research Team is monitoring the potential TikTok ban in the U.S., driven by national security and data privacy issues....
Read More
VPN Surge 1500% in USA after TikTok Shut Down

MITRE Launches D3FEND 1.0; The Milestone for Cybersecurity Ontology

MITRE launched D3FENDTM 1.0, a cybersecurity framework that provides a vocabulary and understanding of the cyber domain. D3FEND 1.0, funded...
Read More
MITRE Launches D3FEND 1.0; The Milestone for Cybersecurity Ontology

AWS Patches Multiple Vulns in WorkSpaces, AppStream 2.0

Amazon Web Services (AWS) has recently fixed two major security vulnerabilities in its cloud services: Amazon WorkSpaces, Amazon AppStream 2.0,...
Read More
AWS Patches Multiple Vulns in WorkSpaces, AppStream 2.0

Malware Trends Review 2024: Ever Recorded Cyber Threats

Last year saw a significant rise in cyber threats, with malware becoming more advanced and attack strategies more sophisticated. A...
Read More
Malware Trends Review 2024: Ever Recorded Cyber Threats

Botnet Exploits 13,000 MikroTik Devices Abusing Misconfigured DNS

A recent Infoblox Threat Intel report reveals a sophisticated botnet that exploits DNS misconfigurations to spread malware widely. This botnet,...
Read More
Botnet Exploits 13,000 MikroTik Devices Abusing Misconfigured DNS

CVE-2024-9042
Code Execution Vulnerability Found in Kubernetes Windows Nodes

A new security flaw traced, CVE-2024-9042, poses a serious risk to Kubernetes clusters with Windows worker nodes. It has a...
Read More
CVE-2024-9042  Code Execution Vulnerability Found in Kubernetes Windows Nodes

Hacker leaked 15k config files and VPN passwords of FortiGate firewall device

The hacking group "Belsen Group" has posted over 15,000 unique FortiGate firewall configurations online. The data dump, reportedly obtained by exploiting...
Read More
Hacker leaked 15k config files and VPN passwords of FortiGate firewall device

Registration open for 1st Agile Cyber Drill 2025

Registration open for "1st Agile Cyber Drill-2025" scheduled for February 26, 2025 online with an awards ceremony for 9 March...
Read More
Registration open for 1st Agile Cyber Drill 2025

The device is used in critical infrastructure and manufacturing worldwide. Since the flaws can be exploited remotely and are easy to attack, the risk is very high. No fixes are currently available, so users should follow the mitigations suggested by the Canadian vendor.

The first issue, CVE-2024-41925, is a PHP Remote File Inclusion (RFI) vulnerability caused by improper validation of user-provided file paths.

An attacker could exploit this vulnerability to access directories, bypass authentication, and run remote code.

CVE-2024-45367 is a weak authentication issue caused by inadequate password verification in the authentication process.

An attacker can misuse this to gain unauthorized access to the switches’ management interface, change settings, access sensitive information, or move to other parts of the network.

Claroty Team82 identified two critical vulnerabilities rated 9.3 on the CVSS v4 scale. These affect all versions of the ONS-S8 Spectra Aggregation Switch up to 1.3.7.

Securing the switches:

While CISA has not seen signs of these flaws being actively exploited, system administrators are recommended to perform the following actions to mitigate the flaws:

Separate ONS-S8 management traffic into its own VLAN to limit exposure to normal network traffic.

Connect to OneView using a dedicated NIC on the BMS computer for secure access to the OT network.

Set up the router’s firewall to allow only specific devices, ensuring that OneView can be accessed only by authorized systems and blocking any unauthorized access.

Use a secure VPN for OneView connections to ensure encrypted communication and protect against interception.

Follow CISA’s cybersecurity guidance by conducting risk assessments, using layered security, and following ICS security best practices.

CISA advises organizations seeing suspicious activity on devices to follow their breach protocols and report the incident to the cybersecurity agency for tracking and correlation with other incidents.

Check Also

Kubernetes

CVE-2024-9042
Code Execution Vulnerability Found in Kubernetes Windows Nodes

A new security flaw traced, CVE-2024-9042, poses a serious risk to Kubernetes clusters with Windows …

Leave a Reply

Your email address will not be published. Required fields are marked *