Today: Nov 23, 2024

Critical Security Updates for Cisco, Fortinet, VMware Products

Critical Security Updates for Cisco, Fortinet, VMware Products
February 8, 2024



Feb 08, 2024 NewsroomCyber ​​​​Threat / Network SecurityCritical Security Updates for Cisco, Fortinet, VMware Products
Cisco, Fortinet, and VMware have recently issued security updates to address various vulnerabilities in their products. The vulnerabilities were discovered during internal security testing and could potentially be exploited by attackers to carry out malicious activities on affected devices. The first set of vulnerabilities from Cisco CVE-2024-20252 and CVE-2024-20254 (CVSS score: 9.6) and CVE-2024-20255 (CVSS score: 8.2) affects the Cisco Expressway Series, enabling remote attackers to carry out phishing attacks (CSRF). These vulnerabilities stem from insufficient CSRF protection of the web management interface, potentially allowing attackers to carry out unauthorized actions independently of the user’s privileges. Cisco has provided patches for these vulnerabilities in Cisco Expressway Series Release 14.3.4 and 15.0.0.

Another important update is from Fortinet, which has released a patch to address a previously disclosed vulnerability (CVE-2023-34992, CVSS score: 9.7) in FortiSIEM controllers. The vulnerability could potentially lead to code execution and has been assigned the codes CVE-2024-23108 and CVE-2024-23109 (CVSS score: 9.8). Fortinet has also addressed another version of CVE-2023-34992 by closing CVE-2023-36553 (CVSS score: 9.3) in November 2023. Patches for these vulnerabilities will be included in upcoming versions of FortiSIEM.

VMware also issued a warning about critical vulnerabilities in Aria Operations for Networks (formerly vRealize Network Insight). This includes vulnerabilities such as local privilege escalation, cross-site scripting (XSS), and the potential for malicious code injection. VMware has recommended all users of Aria Operations for Networks version 6.x to upgrade to version 6.12.0 to mitigate these vulnerabilities.

Given the history of exploitation of vulnerabilities in these products, it is crucial for organizations to promptly apply these security updates to protect their systems from potential threats.
If you found this article interesting, follow us on Twitter  and LinkedIn for more updates.

OpenAI
Author: OpenAI

Don't Miss

Emperor penguin launched at sea 20 days after waddling onto Australian seaside

Emperor penguin launched at sea 20 days after waddling onto Australian seaside

MELBOURNE, Australia — The one emperor penguin identified to have swum from
AirPods Professional 2 Hit New Low Value of 9.99 for Black Friday

AirPods Professional 2 Hit New Low Value of $159.99 for Black Friday

The Excellent Friday offers proceed, and as of late we are monitoring