Feb 08, 2024 | Newsroom | Cyber Threat / Network Security
Cisco, Fortinet, and VMware have recently issued security updates to address various vulnerabilities in their products. The vulnerabilities were discovered during internal security testing and could potentially be exploited by attackers to carry out malicious activities on affected devices.
The first set of vulnerabilities, from Cisco, comprises CVE-2024-20252 and CVE-2024-20254 (CVSS score: 9.6) and CVE-2024-20255 (CVSS score: 8.2). They affect the Cisco Expressway Series and enable remote attackers to carry out cross-site request forgery (CSRF) attacks. These vulnerabilities stem from insufficient CSRF protection of the web management interface, potentially allowing attackers to carry out unauthorized actions independently of the user’s privileges. Cisco has provided patches for these vulnerabilities in Cisco Expressway Series Release 14.3.4 and 15.0.0.
Another important update is from Fortinet, which has released a patch to address a previously disclosed vulnerability (CVE-2023-34992, CVSS score: 9.7) in FortiSIEM controllers. The vulnerability could potentially lead to code execution and has been assigned the identifiers CVE-2024-23108 and CVE-2024-23109 (CVSS score: 9.8). Fortinet also addressed another variant of CVE-2023-34992 by closing CVE-2023-36553 (CVSS score: 9.3) in November 2023. Patches for these vulnerabilities will be included in upcoming versions of FortiSIEM.
VMware also issued a warning about critical vulnerabilities in Aria Operations for Networks (formerly vRealize Network Insight). This includes vulnerabilities such as local privilege escalation, cross-site scripting (XSS), and the potential for malicious code injection. VMware has recommended all users of Aria Operations for Networks version 6.x to upgrade to version 6.12.0 to mitigate these vulnerabilities.
Given the history of exploitation of vulnerabilities in these products, it is crucial for organizations to promptly apply these security updates to protect their systems from potential threats.