CyberSecurity updates
Updated: 2024-10-17 20:24:09 Pacfic

Flag This

do son @ Vulnerability Archives

CISA Adds Three Actively Exploited Vulnerabilities to KEV Catalog, Urges Urgent Patching - 6d


Read more: securityonline.info

The US Cybersecurity and Infrastructure Security Agency (CISA) has added three new security vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, due to confirmed reports of active exploitation in the wild. These vulnerabilities pose significant risks to organizations and require immediate attention. The three vulnerabilities added to the KEV Catalog include a format string vulnerability in multiple Fortinet products, a SQL injection vulnerability in Ivanti Cloud Services Appliance (CSA), and an OS command injection vulnerability in Ivanti CSA. The addition of these vulnerabilities to the KEV Catalog highlights the ongoing threat posed by malicious cyber actors who actively exploit known vulnerabilities. CISA urges all organizations to prioritize timely remediation of vulnerabilities listed in the KEV Catalog as part of their vulnerability management practices to reduce their exposure to cyberattacks.

References:

  • Security Archives - Software company Ivanti released security patches for three new CSA zero-day vulnerabilities actively exploited in attacks. - 8d
  • Vulnerability Archives - Ivanti has recently released urgent security updates for its Cloud Services Appliance (CSA) to address multiple vulnerabilities, including one that is actively being exploited in the wild. - 8d
  • All CISA Advisories - CISA's official alert about the addition of vulnerabilities to the KEV Catalog. - 8d
  • forums.ivanti.com - Security Advisory: Ivanti CSA Cloud Services Appliance - CVE-2024-9379, CVE-2024-9380, CVE-2024-9381 - 8d
  • Malware Analysis, News and Indicators - New Ivanti CSA Zero-Days Under Active Exploitation; Critical RCE in Connect Secure & Policy Secure - 8d
  • socradar.io - Critical Vulnerability in Ivanti Cloud Services Appliance (CSA) Exploited in Attacks - CVE-2024-8963 - 8d
  • Malware Analysis, News and Indicators - Malware News: Attacks Involving Critical Ivanti CSA Bugs Underway - 8d
  • SOCRadar - SocRadar article specifically detailing the Ivanti CSA vulnerabilities. - 8d
  • www.scworld.com - Attacks involving critical Ivanti CSA bugs underway - 7d
  • Vulnerability Archives - SecurityOnline.info's article on CISA's addition of vulnerabilities to the KEV Catalog. - 7d
  • @feeds - Microsoft October update patches two zero-day vulnerabilities it says are being actively exploited - 5d
  • @jos1264 - Microsoft October update patches two zero-day vulnerabilities it says are being actively exploited - 5d
  • News - Microsoft October update patches two zero-day vulnerabilities it says are being actively exploited - 5d
  • ciso2ciso.com - Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited – Source:thehackernews.com - 4d
  • @jos1264 - Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited – Source:thehackernews.com - 4d
  • Security Risk Advisors - Headline: 🚩 Advanced adversary chains zero-day vulnerabilities to compromise Ivanti Cloud Services Appliances - 2d
  • Security Archives - U.S. CISA adds Fortinet products and Ivanti CSA bugs to its Known Exploited Vulnerabilities catalog - 2d

Classification:

  • HashTags: #CISA #KEV #Vulnerability
  • Company: Fortinet Ivanti
  • Product: Fortinet Multiple Products Ivanti Cloud Services Appliance
  • Type: Vulnerability
  • Severity: Major






This site is an experimental news aggregator using feeds I personally follow. You can reach me using contacts here if you have feedback. You can also find Flathis at Mastodon.