March 26, 2024 at 06:42AM
The US cybersecurity agency, CISA, warns about the exploitation of CVE-2023-48788, a critical SQL injection bug affecting Fortinet’s FortiClient EMS. Patches have been released, and the vulnerability has been added to CISA’s Known Exploited Vulnerabilities catalog. Concerns also extend to another vulnerability, CVE-2021-44529, affecting Ivanti Endpoint Manager.
The key takeaways are:
1. The US cybersecurity agency CISA has issued a warning about the exploitation of a critical SQL injection vulnerability, tracked as CVE-2023-48788, in the Fortinet FortiClient Enterprise Management Server (EMS).
2. Fortinet has released patches in versions 7.0.11, 7.2.3, and later to address CVE-2023-48788.
3. The UK’s National Cyber Security Centre (NCSC) and a Fortinet employee are credited with discovering the vulnerability.
4. Horizon3.ai disclosed technical details and published a proof-of-concept (PoC) exploit on March 21.
5. CISA has added CVE-2023-48788 to its Known Exploited Vulnerabilities (KEV) catalog and urged organizations to install patches or implement mitigations promptly.
6. The vulnerability is being actively exploited “in the wild”, according to Fortinet’s updated advisory.
7. Fortinet product vulnerabilities have historically been exploited by state-sponsored threat actors.
8. The Shadowserver Foundation observed 130 vulnerable systems accessible directly from the internet as of March 23.
9. CISA also added CVE-2021-44529, an old Ivanti Endpoint Manager vulnerability that allows an unauthenticated attacker to execute arbitrary code, to its KEV catalog.
10. Threat intelligence firm GreyNoise has detected attempts to exploit CVE-2021-44529, a flaw that potentially results from a backdoor in an open source project.