November 17, 2023 at 01:06AM
The U.S. CISA has added three security flaws to its Known Exploited Vulnerabilities catalog based on evidence of active exploitation. The vulnerabilities include a Microsoft Windows security bypass, a Sophos command injection, and an unspecified Oracle vulnerability. A critical command injection bug has also been disclosed in the FortiSIEM report server. Federal agencies are urged to apply fixes to secure their networks.
Key takeaways from the meeting notes:
1. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation.
– CVE-2023-36584: Microsoft Windows MotW Security Feature Bypass Vulnerability.
– CVE-2023-1671: Sophos Web Appliance Command Injection Vulnerability.
– CVE-2023-2551: Oracle Fusion Middleware Unspecified Vulnerability.
2. CVE-2023-1671 allows for the execution of arbitrary code, while CVE-2023-2551 allows an unauthenticated attacker to compromise the WebLogic Server.
3. No public reports currently document attacks using CVE-2023-1671 and CVE-2023-2551.
4. CVE-2023-36584 was added to the KEV catalog after a report from Palo Alto Networks Unit 42. It has been used alongside CVE-2023-36884 by a pro-Russian APT group known as Storm-0978 to deliver the RomCom RAT.
5. Federal agencies are advised to apply fixes for the mentioned vulnerabilities by December 7, 2023.
6. Fortinet has disclosed a critical command injection vulnerability (CVE-2023-36553) in the FortiSIEM report server. It is a variant of CVE-2023-34992, which Fortinet had previously fixed.
7. The vulnerability in the FortiSIEM report server can be exploited by attackers to execute arbitrary commands.
8. The impacted versions of FortiSIEM are 4.7, 4.9, 4.10, 5.0, 5.1, 5.2, 5.3, and 5.4. The fix is available in versions 7.1.0, 7.0.1, 6.7.6, 6.6.4, 6.5.2, 6.4.3, or later.