Cisco, Fortinet, and VMware Address Critical Security Vulnerabilities
Cyber Threat / Network Security | Feb 08, 2024 | Newsroom
Cisco, Fortinet, and VMware have released security fixes for multiple vulnerabilities, including critical weaknesses that could allow unauthorized access and arbitrary actions on affected devices.
Security Fixes for Cisco Expressway Series
Cisco has identified three vulnerabilities, namely CVE-2024-20252, CVE-2024-20254, and CVE-2024-20255, affecting Cisco Expressway Series devices. These vulnerabilities have the potential for unauthorized remote access and cross-site request forgery (CSRF) attacks.
Cisco Expressway Series, if not properly protected against CSRF attacks, could enable an unauthenticated remote attacker to perform various actions, including modifying the system configuration and creating privileged accounts. Additionally, one of the vulnerabilities could lead to a denial-of-service (DoS) condition.
Patches addressing these vulnerabilities are now available in Cisco Expressway Series Release versions 14.3.4 and 15.0.0.
Updates for Fortinet FortiSIEM Supervisor
Fortinet has released an update to address bypasses for a previously disclosed critical vulnerability in the FortiSIEM Supervisor. This vulnerability, known as CVE-2023-34992, could potentially allow the execution of arbitrary code.
The newly identified vulnerabilities, CVE-2024-23108 and CVE-2024-23109, have similar risk levels and could enable a remote unauthenticated attacker to execute unauthorized commands through crafted API requests.
Fortinet’s upcoming versions, including FortiSIEM versions 7.1.2 and above, are expected to resolve these vulnerabilities. Users are strongly advised to update to these versions or higher to stay protected.
Aria Operations for Networks Vulnerabilities
VMware has issued a warning regarding several moderate-to-important severity vulnerabilities in Aria Operations for Networks, previously known as vRealize Network Insight. These vulnerabilities could potentially allow local privilege escalation, cross-site scripting (XSS) attacks, and unauthorized access to sensitive information.
Users of VMware Aria Operations for Networks version 6.x are recommended to upgrade to version 6.12.0 to address these vulnerabilities effectively.
It is vital for organizations to prioritize patching and apply these necessary security updates to protect against potential attacks and maintain a secure network environment.
For more cybersecurity news and exclusive content, follow us on Twitter and LinkedIn.