Critical Patches Released for New Bugs in Cisco, Fortinet, VMware Products

February 08, 2024 | Newsroom | Cyber Threat / Network Security


Cisco, Fortinet, and VMware have released fixes for several security vulnerabilities, including critical ones that could be exploited to perform arbitrary actions on affected devices.

The first set, from Cisco, consists of three flaws – CVE-2024-20252 and CVE-2024-20254 (CVSS score: 9.6) and CVE-2024-20255 (CVSS score: 8.2) – affecting the Cisco Expressway Series that could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks.

All three issues, found during internal security testing, stem from insufficient CSRF protections for the web-based management interface, which could allow an attacker to perform arbitrary actions with the privilege level of the affected user.

“If the affected user has administrative privileges, these actions may include changing the system configuration and creating new privileged accounts,” Cisco says about CVE-2024-20252 and CVE-2024-20254.

Successful exploitation of CVE-2024-20255 against a user with administrative privileges, on the other hand, could enable the threat actor to overwrite system configuration settings, resulting in a denial-of-service (DoS) condition.
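The root cause described above is a state-changing management endpoint that trusts nothing beyond the browser's session cookie. The following added example (not Cisco's code; the request and session shapes, the `create_account_*` handlers and the `expressway.example.internal` hostname are all constructed placeholders) shows that "before" handler next to one guarded by the synchronizer-token pattern with an additional same-origin check, and runs a forged cross-site request and a legitimate request through both:

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Hypothetical request/session containers, constructed for this example only.
@dataclass
class Request:
    method: str
    path: str
    headers: dict
    form: dict


@dataclass
class Session:
    user: str
    privilege: str
    # Per-session secret the server embeds in its own forms; a cross-site page cannot read it.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


# Placeholder origin for the management interface (scheme and host compared exactly).
TRUSTED_ORIGIN = ("https", "expressway.example.internal")


def create_account_unprotected(req: Request, session: Session):
    """'Before' handler: only checks the privilege tied to the session cookie.

    Any page the admin visits can POST here and the browser attaches the cookie,
    which is exactly the CSRF weakness the advisory describes."""
    if session.privilege != "admin":
        return 403, "forbidden"
    return 200, f"created account {req.form['username']}"


def _same_origin(value: str) -> bool:
    parts = urlsplit(value)
    return (parts.scheme, parts.netloc) == TRUSTED_ORIGIN


def csrf_check(req: Request, session: Session) -> bool:
    """Reject state-changing requests that are not provably from our own UI."""
    if req.method in ("GET", "HEAD", "OPTIONS"):
        return True  # safe methods must not change state, so nothing to protect
    # Defence 1: Origin (or Referer as fallback) must be the management UI itself.
    source = req.headers.get("Origin") or req.headers.get("Referer")
    if not source or not _same_origin(source):
        return False
    # Defence 2: the request must echo the per-session token, compared in constant time.
    token = req.form.get("csrf_token") or req.headers.get("X-CSRF-Token")
    if not token:
        return False
    return hmac.compare_digest(token, session.csrf_token)


def create_account_protected(req: Request, session: Session):
    """Hardened handler: same business logic behind the CSRF gate."""
    if not csrf_check(req, session):
        return 403, "csrf check failed"
    return create_account_unprotected(req, session)


def demo() -> dict:
    """Run a forged and a legitimate request through both handlers; returns status codes."""
    admin = Session(user="admin", privilege="admin")
    # Constructed forged request: submitted from another site while the admin is logged in.
    forged = Request("POST", "/api/accounts",
                     {"Origin": "https://attacker.example"}, {"username": "backdoor"})
    # Constructed legitimate request: issued by the management UI's own form.
    legit = Request("POST", "/api/accounts",
                    {"Origin": "https://expressway.example.internal"},
                    {"username": "ops", "csrf_token": admin.csrf_token})
    # Lookalike origin that merely starts with the trusted host name must also fail.
    lookalike = Request("POST", "/api/accounts",
                        {"Origin": "https://expressway.example.internal.attacker.example"},
                        {"username": "x", "csrf_token": admin.csrf_token})
    return {
        "forged_unprotected": create_account_unprotected(forged, admin)[0],
        "forged_protected": create_account_protected(forged, admin)[0],
        "lookalike_protected": create_account_protected(lookalike, admin)[0],
        "legit_protected": create_account_protected(legit, admin)[0],
    }


if __name__ == "__main__":
    print(demo())
```

The origin comparison is exact on scheme and host rather than a prefix match, so a hostname that merely begins with the trusted one is rejected; the token comparison uses `hmac.compare_digest` so a timing side channel cannot leak the token byte by byte.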


Another important difference between the two sets of flaws is that while the first two affect Cisco Expressway Series devices in the default configuration, CVE-2024-20252 only affects them when the cluster database (CDB) API feature is enabled. It is disabled by default.

Patches for the vulnerabilities are available in Cisco Expressway Series Release versions 14.3.4 and 15.0.0.

Fortinet, for its part, has released a second round of updates to address what are bypasses for a previously disclosed critical flaw (CVE-2023-34992, CVSS score: 9.7) in the FortiSIEM supervisor that could result in arbitrary code execution, according to Horizon3.ai researcher Zach Hanley.

Tracked as CVE-2024-23108 and CVE-2024-23109 (CVSS scores: 9.8), the flaws “could allow a remote unauthorized attacker to execute unauthorized commands via API requests.”

It should be noted that Fortinet resolved another variant of CVE-2023-34992 as CVE-2023-36553 (CVSS score: 9.3) in November 2023. The two new vulnerabilities are plugged, or will be, in the following versions –

  • FortiSIEM version 7.1.2 or higher
  • FortiSIEM version 7.2.0 or higher (coming soon)
  • FortiSIEM version 7.0.3 or higher (coming soon)
  • FortiSIEM version 6.7.9 or higher (coming soon)
  • FortiSIEM version 6.6.5 or higher (coming soon)
  • FortiSIEM version 6.5.3 or higher (coming soon), and
  • FortiSIEM version 6.4.4 or higher (coming soon)

Completing the trifecta is VMware, which has warned of five moderate- to important-severity flaws in Aria Operations for Networks (formerly vRealize Network Insight) –

  • CVE-2024-22237 (CVSS score: 7.8) – Local privilege escalation vulnerability allows a console user to gain regular root access
  • CVE-2024-22238 (CVSS score: 6.4) – Cross-site scripting (XSS) vulnerability that allows a malicious actor with admin privileges to inject malicious code into user profile configurations
  • CVE-2024-22239 (CVSS score: 5.3) – Local privilege escalation vulnerability that allows a console user to gain regular shell access
  • CVE-2024-22240 (CVSS score: 4.9) – Local file read vulnerability that allows a malicious actor with admin privileges to access sensitive information
  • CVE-2024-22241 (CVSS score: 4.3) – Cross-site scripting (XSS) vulnerability that allows a malicious actor with admin privileges to inject malicious code and take over a user account

To minimize risk, all users of VMware Aria Operations for Networks version 6.x are recommended to upgrade to version 6.12.0.

Given the history of in-the-wild exploitation of Cisco, Fortinet, and VMware flaws, applying these patches is a necessary first step that organizations must take to manage the vulnerabilities.
