Recent security patches have been released by Cisco, Fortinet, and VMware to address a series of security vulnerabilities, some of which are critical and could allow unauthorized actions on affected systems.
Cisco’s latest security patches address three vulnerabilities – CVE-2024-20252 and CVE-2024-20254, each with a CVSS score of 9.6, and CVE-2024-20255, with a score of 8.2 – found in the Cisco Expressway Series. These vulnerabilities could potentially allow an unauthenticated, remote attacker to execute cross-site request forgery (CSRF) attacks due to weak CSRF protections in the web management interface. Such attacks could enable the execution of arbitrary actions with the same privileges as the compromised user, including altering system configurations and creating new accounts with high-level privileges, especially if the user possesses administrative rights.
CVE-2024-20255 specifically could let an attacker, exploiting a user with administrative privileges, modify system settings or trigger a denial-of-service (DoS) state. Importantly, CVE-2024-20252 and CVE-2024-20254 mainly affect devices in their default setup, with CVE-2024-20252 also impacting systems where the cluster database (CDB) API feature is enabled.
Solutions for these issues are included in Cisco Expressway Series Release versions 14.3.4 and 15.0.0.
In addition, Fortinet has unveiled further updates to correct bypasses for a previously acknowledged critical flaw (CVE-2023-34992, CVSS score: 9.7) in FortiSIEM supervisor that could lead to the execution of arbitrary code. The newly identified vulnerabilities, CVE-2024-23108 and CVE-2024-23109 with CVSS scores of 9.8, could allow remote unauthenticated attackers to run unauthorized commands via crafted API requests. A variant of CVE-2023-34992 had been previously addressed by Fortinet in November 2023. These latest vulnerabilities will be rectified in future versions of FortiSIEM, from version 6.4.4 to 7.2.0.
VMware has also reported five vulnerabilities with moderate to important severity in Aria Operations for Networks, involving local privilege escalation and cross-site scripting (XSS) risks. Identified as CVE-2024-22237 through CVE-2024-22241, these vulnerabilities could enable console users to obtain elevated access or allow malicious actors with administrative privileges to inject harmful code. To counter these vulnerabilities, VMware advises users of Aria Operations for Networks version 6.x to upgrade to version 6.12.0.
Given the risk these vulnerabilities pose if exploited, Cisco, Fortinet, and VMware strongly recommend the swift application of these security patches to protect systems from potential threats.
Overview of the Top Vulnerabilities
CISCO:
CVE-2024-20252 and CVE-2024-20254 >>> CVSS score: 9.6
CVE-2024-20255 >>> CVSS score: 8.2
Fortinet:
CVE-2023-34992 >>> CVSS score: 9.7
CVE-2024-23108 and CVE-2024-23109 >>> CVSS scores: 9.8
WMware:
CVE-2024-22237 >>> CVSS score: 7.8