CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack

CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack

October 22, 2024 at 01:06AM

CISA has added a critical vulnerability in ScienceLogic SL1 (CVE-2024-9537) to its KEV catalog due to active exploitation. This flaw could enable remote code execution. Fixes are available for several versions. Separately, Fortinet addressed an exploit linked to Chinese actors, but specifics remain undisclosed. Agencies must apply fixes by November 11, 2024.

**Meeting Takeaways – October 22, 2024**

1. **CISA Vulnerability Update:**
– CISA has added a critical vulnerability (CVE-2024-9537) affecting ScienceLogic SL1 to its Known Exploited Vulnerabilities catalog due to reports of active exploitation as a zero-day.
– This vulnerability, scored 9.3 on CVSS v4, can lead to remote code execution through an unspecified third-party component.
– The issue has been addressed in versions 12.1.3, 12.2.3, and 12.3 and later, with fixes also provided for versions 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x.

2. **Rackspace Incident:**
– Rackspace acknowledged an issue with the ScienceLogic EM7 Portal, taking its dashboard offline at the end of last month.
– Unauthorized access to three internal monitoring web servers was confirmed due to the exploitation of this vulnerability.
– All impacted customers have been notified.

3. **Federal Civilian Executive Branch (FCEB) Compliance:**
– FCEB agencies are mandated to apply the necessary security fixes by November 11, 2024, to mitigate potential threats.

4. **Fortinet Security Updates:**
– Fortinet has released updates for FortiManager to address a vulnerability being exploited by threat actors linked to China.
– Specific details about the flaw are currently unknown, and it has not been documented in release notes.
– Security researcher Kevin Beaumont noted the confusion surrounding this zero-day vulnerability and its exploitation in FortiManager Cloud.

5. **Related Vulnerabilities:**
– CISA previously added another critical flaw (CVE-2024-23113, CVSS score: 9.8) affecting multiple Fortinet products to its KEV catalog based on evidence of exploitation in the wild.

These points highlight the urgency of addressing existing vulnerabilities in critical infrastructures and the ongoing challenges posed by cyber threats.

Full Article