October 2, 2024 at 11:05AM
The U.S. cybersecurity agency CISA has issued a warning about two critical vulnerabilities in Optigo Networks ONS-S8 Aggregation Switch products, used in critical infrastructure worldwide. The flaws allow password requirements to be bypassed and could lead to remote code execution. No fixes are available, so users are advised to apply the mitigations proposed by the Canadian vendor. CISA recommends specific actions to mitigate the risks, including isolating management traffic and using a secure VPN for connections to OneView.
The vulnerabilities allow authentication bypass and remote code execution, and pose a very high risk because they are remotely exploitable with low attack complexity.
The first flaw, tracked as CVE-2024-41925, is a PHP Remote File Inclusion problem that allows directory traversal, authentication bypass, and arbitrary remote code execution. The second issue, tracked as CVE-2024-45367, involves weak authentication that enables unauthorized access to the switches’ management interface and could compromise sensitive data.
While no fixes are currently available, users are advised to apply the mitigations proposed by the Canadian vendor, which include isolating management traffic, connecting to OneView through a dedicated NIC, configuring router firewalls, using secure VPN connections, and following CISA’s cybersecurity guidance.
System administrators should implement these mitigations, follow CISA’s cybersecurity guidance, perform risk assessments, implement layered security, and report any suspicious activity on these devices to CISA for tracking and correlation with other incidents.