Numerous security flaws, including serious ones that may be used to carry out arbitrary operations on impacted devices, have been fixed by Cisco, Fortinet, and VMware.

The first set of vulnerabilities from Cisco affects the Cisco Expressway Series and includes three vulnerabilities: CVE-2024-20252, CVE-2024-20254 (CVSS score: 9.6), and CVE-2024-20255 (CVSS score: 8.2). These vulnerabilities potentially enable cross-site request forgery (CSRF) attacks to be carried out by a remote hacker.

The root cause of all the problems, discovered during internal security testing, is the web-based administration interface’s inadequate CSRF safeguards, which allow a hacker to take any action using the impacted user’s privilege level.

“If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts,” Cisco said about CVE-2024-20254 & CVE-2024-20252.

On the other hand, successful exploitation of CVE-2024-20255 targeting a user with administrative privileges could enable the threat actor to overwrite system configuration settings, resulting in a denial-of-service (DoS) condition.

Two other significant distinctions between the two sets of vulnerabilities are that, whereas CVE-2024-20252 affects Cisco Expressway Series devices in their default configuration, it only affects them when the cluster database (CDB) API capability is activated. By default, it is deactivated.

Versions 15.0.0 and 14.3.4 of the Cisco Expressway Series Release have patches available to address the vulnerabilities.

According to Horizon3.ai researcher Zach Hanley, Fortinet has issued a second round of fixes to address workarounds for a severe hole in the FortiSIEM supervisor that was previously made public and potentially allowed for the execution of arbitrary code.

With a CVSS score of 9.8, the vulnerabilities are tracked as CVE-2024-23108 & CVE-2024-23109 and “may allow a remote unauthenticated hacker to execute unauthorized commands via crafted API requests.”

It is important to note that in November 2023, Fortinet closed down CVE-2023-36553 (CVSS score: 9.3), which resolved another form of CVE-2023-34992. The following versions have been patched for the two new vulnerabilities:

1. FortiSIEM version 7.1.2 or above
2. FortiSIEM version 7.2.0 or above (upcoming)
3. FortiSIEM version 7.0.3 or above (upcoming)
4. FortiSIEM version 6.7.9 or above (upcoming)
5. FortiSIEM version 6.6.5 or above (upcoming)
6. FortiSIEM version 6.5.3 or above (upcoming), and
7. FortiSIEM version 6.4.4 or above (upcoming)

VMware completes the trifecta by alerting users to five vulnerabilities in Aria Operations for Networks (previously vRealize Network Insight) that range in severity from moderate to critical.

1. CVE-2024-22237 (CVSS score: 7.8) - A vulnerability in local privilege escalation that permits a console user to obtain regular root access.
2. CVE-2024-22238 (CVSS score: 6.4) - A vulnerability known as cross-site scripting (XSS) enables a hostile actor with administrator access to insert malicious code into user profile setups.
3. CVE-2024-22239 (CVSS score: 5.3) - A vulnerability in local privilege escalation that permits a console user to obtain normal shell access.
4. CVE-2024-22240 (CVSS score: 4.9) - A local file read vulnerability gives a malevolent party administrator rights to access private data.
5. CVE-2024-22241 (CVSS score: 4.3) - A vulnerability known as cross-site scripting (XSS) enables a malicious actor with administrator access to insert malicious code and take control of the user account.

It is advised that all users of VMware Aria Operations for Networks version 6.x update to version 6.12.0 to reduce the risks. Patching is the essential first step that enterprises need to take to address the weaknesses, especially in light of the history of exploitation when it comes to vulnerabilities in Cisco, Fortinet, and VMware.

Latest Updates