Security patches were recently released from various vendors including Cisco, Fortinet, and VMware. Read this Cybersecurity Threat Advisory as it shares the impact of each of the vulnerabilities and how to mitigate the risks they pose.
What is the threat?
Cisco’s vulnerabilities, CVE-2024-20252 and CVE-2024-20254 (with a CVSS score of 9.6) and CVE-2024-20255 (with a CVSS score of 8.2), affects the Cisco Expressway series. These vulnerabilities have the potential to enable an unauthorized remote attacker to execute cross-site request forgery (CSRF) attacks. These flaws cause improper input validation, insufficiently protected credentials, or insecure deserialization, which could be exploited remotely without authentication. Attackers could leverage these vulnerabilities to compromise targeted systems, escalate privileges, exfiltrate sensitive data, or disrupt services.
Fortinet issued a set of patches to resolve bypasses discovered from a previously acknowledged critical vulnerability (CVE-2023-34992). This vulnerability could potentially enable an unauthorized remote attacker to execute unauthorized commands by creating meticulously crafted API requests.
VMware issued a cautionary advisory regarding five vulnerabilities of moderate-to-significant severity discovered in Aria Operations for Networks, formerly known as vRealize Network Insight, CVE-2024-22237, CVE-2024-22238, CVE-2024-22239, CVE-2024-22240, CVE-2024-22241. These vulnerabilities present risks by enabling console users to attain typical root access and administrative privileges. Additionally, they can facilitate cross-site scripting (XSS), which involves the injection of malicious code.
Why is it noteworthy
These vulnerabilities affect a wide range of products which can have significant impact across businesses globally with the potential impact including compromise of sensitive data or disruption of critical services. Organizations need to prioritize applying the critical patches promptly.
What is the exposure or risk?
The risks associated with these vulnerabilities is substantial. Threat actors could exploit these flaws to compromise vulnerable systems, leading to unauthorized access, data breaches, or service disruptions. Additionally, successful exploitation could result in financial losses, reputational damage, and regulatory penalties for affected organizations. As these vulnerabilities can be exploited remotely without authentication, they pose a significant risk to internet-facing systems and networks.
What are the recommendations?
Barracuda MSP recommends the following actions to limit the impact of these vulnerabilities:
- Organizations should promptly apply the critical patches released by vendors to mitigate the risk of exploitation.
- Employ network segmentation to limit the impact of a potential compromise and prevent lateral movement by threat actors.
- Implement robust monitoring and detection mechanisms to identify and respond to suspicious activity indicative of exploitation attempts.
- Ensure that intrusion detection/prevention systems, firewalls, and antivirus solutions are updated to detect and block exploitation attempts targeting these vulnerabilities.
- Provide regular security awareness training to employees to educate them about the importance of promptly applying patches and recognizing potential security threats.
By following these recommendations, organizations can enhance their security posture and mitigate the risk posed by these critical vulnerabilities.
References
For more in-depth information about the recommendations, please visit the following links:
- https://www.redpacketsecurity.com/critical-patches-released-for-new-flaws-in-cisco-fortinet-vmware-products/
- https://thehackernews.com/2024/02/critical-patches-released-for-new-flaws.html
If you have any questions about this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.