
CISA Adds Three Critical Vulnerabilities to Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently added three new security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities are (CVSS score: 9.3) – Fortinet FortiClient EMS SQL Injection Vulnerability, (CVSS score: 9.8) – Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability, and (CVSS score: 10.0) – Nice Linear eMerge E3-Series OS Command Injection Vulnerability.

The first vulnerability impacting Fortinet FortiClient EMS was revealed earlier this month. The company described it as a flaw that could enable an unauthenticated attacker to execute unauthorized code or commands through specifically crafted requests. Fortinet has since revised its advisory to confirm that it has been exploited in the wild. However, no further details regarding the nature of the attacks are currently available.

The second flaw, in Endpoint Manager Cloud Service Appliance (EPM CSA), is a code injection vulnerability that enables an unauthenticated user to execute malicious code with limited permissions. Recent research published by security researcher Ron Bowes suggests that the flaw may have been introduced as an intentional in a now-discontinued open-source project called csrf-magic that has existed since at least 2014.

The third flaw permits attackers to execute remote code on Nice Linear eMerge E3-Series access controllers. Threat actors exploited it as early as February 2020. Nice (formerly Nortek) addressed the flaw and 11 other bugs earlier this month, although security researcher Gjoko Krstic had initially disclosed these vulnerabilities in May 2019.

In light of the active exploitation of the three flaws, federal agencies must apply the vendor-provided mitigations by April 15, 2024. This is crucial to ensure that all systems are adequately protected against the identified vulnerabilities.

The development comes as CISA and the Federal Bureau of Investigation (FBI) released a joint alert, urging software manufacturers to mitigate SQL injection flaws. The advisory highlighted the exploitation of CVE-2023-34362, a critical SQL injection vulnerability in Progress Software's MOVEit Transfer, by the Cl0p gang (Lace Tempest) to breach thousands of organizations.

It is essential to note that despite widespread knowledge and documentation of SQLi vulnerabilities over the past two decades, along with the availability of effective mitigations, software manufacturers continue to develop products with this defect, which puts many customers at risk. Organizations are therefore strongly advised to ensure they have the latest patches and updates installed and to conduct regular vulnerability assessments to identify and remediate any potential security weaknesses.
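As an added illustration of the defect class and its mitigation, not code from the article, from CISA, or from any vendor named above: the same lookup written with string concatenation and with a bound parameter, run against a constructed in-memory SQLite table. The table, rows and input strings are all assumptions made for the example.

```python
import sqlite3

# Constructed sample data; not taken from any product named in the article.
SAMPLE_USERS = [("alice", "alice@example.test"), ("bob", "bob@example.test")]


def make_db():
    """Build a throwaway in-memory database with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, name):
    """The defect class: untrusted input is spliced into the SQL text, so the
    input can change the query's structure, not just its values."""
    sql = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    """The mitigation: the query shape is fixed at write time and the input is
    passed as a bound parameter, so it can only ever be compared as data."""
    sql = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def demo():
    """Run both lookups with a benign name and with a textbook tautology
    string, and return the four result sets for comparison."""
    conn = make_db()
    benign = "alice"
    hostile = "x' OR '1'='1"  # makes the WHERE clause always true if spliced in
    return {
        "vuln_benign": lookup_vulnerable(conn, benign),
        "vuln_hostile": lookup_vulnerable(conn, hostile),  # returns every row
        "safe_benign": lookup_parameterized(conn, benign),
        "safe_hostile": lookup_parameterized(conn, hostile),  # returns nothing
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The vulnerable lookup returns the whole table for the hostile string, while the parameterized lookup returns no rows because no user is literally named `x' OR '1'='1`.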
