CISA to the Known Exploited Vulnerabilities Catalog

FortiGuard Labs is aware that the Cybersecurity & Infrastructure Security Agency (CISA) added CVE-2020-5741 (Plex Media Server remote code execution vulnerability) and CVE-2021-39144 (XStream Remote Code Execution Vulnerability) to their Known Exploited Vulnerabilities (KEV) catalog on March 10, 2023. The catalog lists vulnerabilities that are being actively exploited in the wild and require federal agencies…

PaperCut Remote Code Execution Vulnerability Exploited in the Wild

UPDATE 04/26/2023: Updated protection section for IPS protection.FortiGuard Labs is aware that a recently disclosed vulnerability in PaperCut MF/NG (CVE-2023-27350) is susceptible to a remote code execution attack and is currently being exploited in the wild. Various remote management and maintenance software and Truebot malware were reportedly to have been deployed to unpatched severs. As…

Patch Released for Critical vm2 Sandbox Escape Vulnerability

UPDATE April 19 2023: Updated to include another sandbox vulnerability in vm2 (CVE-2023-30547).Earlier this week, an update was released for a critical sandbox escape vulnerabilities in vm2 (CVE-2023-29017 and CVE-2023-29199) , which ultimately allows for remote code execution by an attacker. vm2 is a widely used module within the Node.js library that provides a sandbox…

ArcaneDoor Attack

rnWhat is the Attack?rnCisco issued an advisory on 24th April, regarding its Adaptive Security Appliances, multifunctional devices combining firewall, VPN, and other security functions. It reported that these appliances had become the focus of state-sponsored espionage, with attackers exploiting two previously unknown vulnerabilities to infiltrate government entities worldwide. In this campaign, two backdoors were deployed:…

Mitel MiCollab Unauthorized Access

What is the attack?Security flaws in Mitel MiCollab, CVE-2024–35286 and CVE-2024–41713, have been found, putting many organizations at risk. These vulnerabilities allow attackers bypass authentication and access files on affected servers, revealing sensitive information that could expose organizations to serious security risks. Mitel MiCollab is a popular solution that combines voice calling, video calling, chat,…

Ivanti Cloud Services Application (CSA) Vulnerabilities

What are the Vulnerabilities?Ivanti has released security updates to address multiple critical flaws in its Cloud Services Application (CSA) that could lead to privilege escalation and code execution. More details below:CVE-2024-11639, CVSS: 10.0 (Maximum Severity), authentication bypass vulnerability in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain…