CISA Highlights Urgent Security Fixes for Newly Exploited Vulnerabilities
Charles M. Walls | March 26, 2024 | Views: 163
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) catalog to include three security flaws, highlighting active attacks against these vulnerabilities.
The newly identified vulnerabilities are:
- CVE-2023-48788 with a CVSS score of 9.3, detailing a SQL Injection flaw in Fortinet FortiClient EMS.
- CVE-2021-44529, scoring 9.8, identifies a Code Injection vulnerability within Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA).
- CVE-2019-7256, which tops the chart with a CVSS score of 10.0, points to an OS Command Injection issue in Nice Linear eMerge E3-Series.The Fortinet FortiClient EMS vulnerability emerged earlier this month, identified as a loophole that could let hackers execute unauthorized code or commands by sending specially designed requests. Fortinet has updated its advisory to acknowledge that this vulnerability has been exploited in real-world attacks, though specifics of these incidents remain undisclosed.
The Ivanti vulnerability, CVE-2021-44529, allows attackers to run malicious code with restricted permissions without needing authentication. Security researcher Ron Bowes suggested that this vulnerability might stem from what appears to be an intentional backdoor in the csrf-magic project, a theory tracing back to at least 2014.
As for CVE-2019-7256, it has been known to enable remote code execution on Nice Linear eMerge E3-Series systems since at least February 2020. Nice, previously known as Nortek, addressed this and several other vulnerabilities following their disclosure by Gjoko Krstic in May 2019.
With these vulnerabilities actively being exploited, CISA mandates federal agencies to implement the recommended fixes by April 15, 2024.
These announcements coincide with a joint alert from CISA and the FBI, calling on software developers to mitigate SQL injection vulnerabilities. This includes the CVE-2023-34362 in Progress Software's MOVEit Transfer, which the Cl0p ransomware group (also known as Lace Tempest) has exploited to compromise numerous organizations. Despite longstanding awareness and documented mitigation strategies for SQL injection flaws, software developers continue to release products with these vulnerabilities, exposing users to significant risks.