The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently expanded its Known Exploited Vulnerabilities (KEV) list, highlighting three critical security flaws. This update comes with a warning, as evidence suggests these vulnerabilities are actively being exploited.
The following are the flaws that were added:
- CVE-2023-48788: SQL Injection Vulnerability in Fortinet FortiClient EMS with a CVSS score of 9.3.
- CVE-2021-44529: Code Injection Vulnerability in the Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) rated at 9.8 on the CVSS scale.
- CVE-2019-7256: Linear eMerge E3-Series OS Command Injection Vulnerability, receiving a severity score of 10.0.
Fortinet Identifies Severe SQL Injection Vulnerability In FortiClientEMS Software
One of the identified vulnerabilities affects Fortinet FortiClient EMS, which was discovered earlier this month. This flaw, identified by the CVE-2023-48788 designation, enables attackers to execute unauthorized code or commands by exploiting specially crafted requests, bypassing permission restrictions.
Since then, Fortinet has updated its warning to confirm that the vulnerability has indeed been exploited in the wild. However, further details regarding the nature of these attacks remain undisclosed at this time.
In contrast, CVE-2021-44529 pertains to a code injection flaw within the Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA). This vulnerability enables an unauthorized user who is not logged in to execute malicious code with restricted access privileges.
According to a recent study by security researcher Ron Bowes, there is speculation that the vulnerability may have been intentionally introduced as a backdoor in csrf-magic, an open-source project that has been in existence since 2014 but is now defunct.
Furthermore, threat actors were observed exploiting CVE-2019-7256 as early as February 2020. This flaw enables attackers to remotely execute code on Nice Linear eMerge E3-Series access controls.
Nice, formerly known as Nortek, addressed the vulnerability, along with 11 others, earlier this month. However, it’s worth noting that security expert Gjoko Krstic initially disclosed these flaws in May 2019.
Federal agencies are required to implement the fixes provided by the vendor no later than April 15, 2024, as these three vulnerabilities are actively exploited against them.
Following recent developments, both CISA and the FBI issued a joint warning urging software companies to address SQL injection vulnerabilities. This advisory comes in response to the actions of the Cl0p ransomware group, also known as Lace Tempest, who exploited CVE-2023-34362, a significant SQL injection flaw within Progress Software’s MOVEit Transfer. This exploit allowed them to breach thousands of businesses.
The groups emphasized “Despite widespread knowledge and documentation of SQLi vulnerabilities over the past two decades, along with the availability of effective mitigations, software manufacturers continue to develop products with this defect, which puts many customers at risk,”
MANAGED CYBERSECURITY SOLUTIONS
Rhyno delivers a range of activities that combine to fully protect your infrastructure and data from cybercriminals, anywhere and everywhere, 24/7/365.
About Rhyno Cybersecurity Services
Rhyno Cybersecurity is a Canadian-based company focusing on 24/7 Managed Detection and Response, Penetration Testing, Enterprise Cloud, and Cybersecurity Solutions for small and midsize businesses.
Our products and services are robust, innovative, and cost-effective. Underpinned by our 24x7x365 Security Operations Centre (SOC), our experts ensure you have access to cybersecurity expertise when you need it the most.