Black Arrow Cyber Consulting
0

Blog

Our weekly Cyber Flash Briefing round up of top open source news and ‘Cyber Tip Tuesday’ videos

Black Arrow Cyber Advisory 09 February 2024 – Cisco, Fortinet, Ivanti and VMware Security Updates

Executive Summary

Cisco, Fortinet, Ivanti and VMware have addressed multiple vulnerabilities across their product range. All of the vendors have a security patch available to address the vulnerabilities and due to the active exploitation of some of the vulnerabilities, it is recommended to apply them immediately.

Cisco

Cisco have released security updates for three flaws affecting the Cisco Expressway Series that could allow an unauthenticated remote attacker to conduct cross-site request forgery attacks. Two of the flaws are rated critical (CVE-2024-20252 and CVE-2024-20254) and can be exploited in the impacted devices default configuration, however the third flaw (CVE-2024-20255) can only be exploited if the cluster database API feature has been enabled, which is disabled by default.

Cisco have released patches for the affected products and are available in Cisco Expressway Series Release versions 14.3.4 and 15.0.0.

Fortinet
Fortinet have released a second round of updates addressing two previously disclosed critical flaws in the FortiSIEM supervisor. The two flaws (CVE-2024-23108 and CVE-02024-23109) allows a remote unauthenticated attacker to perform arbitrary code execution.

Impacted products are:
FortiSIEM version 7.1.0 through 7.1.1 fixed in 7.1.2
FortiSIEM version 7.0.0 through 7.0.2 fixed in 7.0.3
FortiSIEM version 6.7.0 through 6.7.8 fixed in 6.7.9
FortiSIEM version 6.6.0 through 6.6.3 fixed in 6.6.5
FortiSIEM version 6.5.0 through 6.5.2 fixed in 6.5.3
FortiSIEM version 6.4.0 through 6.4.2 fixed in 6.4.4

Ivanti
Another critical security patch has been released by Ivanti for their Connect Secure product, Policy Secure and ZTA gateways. The flaw (CVE-2024-22024) allows remote attackers to gain access to restricted resources without requiring user interaction or authentication. While Ivanti have stated that this vulnerability is not currently being actively exploited they urge affected users to patch immediately.

To mitigate the risks, it is recommended that all users of the impacted devices running version 6.x upgrade to version 6.12.0.

VMware
VMware have warned of five vulnerabilities in the Aria Operations for Networks. The vulnerabilities encompass a range of issues, including local privilege escalation, cross-site scripting and local file read (requires admin privileges).

To mitigate the risks, it is recommended that all users of the impacted devices running version 6.x upgrade to version 6.12.0

Further Information

Cisco
Further details on the Cisco vulnerabilities can be found here:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3

Fortinet

Further details on the Fortinet vulnerabilities can be found here:

https://www.fortiguard.com/psirt/FG-IR-23-130

Ivanti

Further details on the Ivanti vulnerabilities can be found here:

https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US

VMware

Further details on the VMware vulnerabilities can be found here:

https://kb.vmware.com/s/article/96450

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Black Arrow Adminblack arrow, black arrow threat advisory, threat advisory, black arrow threat intelligence, threat intelligence, vulnerability, vulnerabilities, cisco, cisco expressway, fortinet, fortisiem, ivanti, ivanti connect secure, vmware, vmware aria operations for networks