Overview
Ivanti has published an advisory and an interim mitigation for two vulnerabilities affecting all supported versions of Connect Secure and Policy Secure gateways. Both vulnerabilities are being actively exploited.
Ivanti is working towards full remediation and will release patches on a staggered schedule as each version is validated; until the patch for a given version is available, the published mitigation should be applied.
- CVE-2023-46805 has a base score of 8.2. It is an authentication bypass in the web component that allows a remote attacker to access restricted resources by bypassing control checks.
- CVE-2024-21887 has a base score of 9.1 and is categorised as a command injection vulnerability in the web components. It allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.
Please note that attackers are chaining the two: the authentication bypass removes the need for administrator credentials, so together they give unauthenticated remote code execution on the appliance. Organisations should apply Ivanti's mitigation immediately and run Ivanti's Integrity Checker Tool to look for signs of compromise.
Fortinet has released a security update to address CVE-2023-44250, an improper privilege management vulnerability in FortiOS and FortiProxy. An authenticated attacker on a device that is part of a high availability (HA) cluster can perform elevated actions via crafted HTTP or HTTPS requests and could ultimately take control of the affected system. Devices not configured in an HA cluster are not exposed. Affected versions are:
- FortiOS 7.4 – versions 7.4.0 through 7.4.1
- FortiOS 7.2 – version 7.2.5
- FortiProxy 7.4 – versions 7.4.0 through 7.4.1
Cisco has reported a critical vulnerability (CVE-2024-20272) in the web-based management interface of Cisco Unity Connection that could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the underlying operating system. Cisco has addressed this vulnerability with the release of a security update.
Juniper has released a security update for a critical vulnerability (CVE-2024-21611) in Junos OS and Junos OS Evolved that could allow an unauthenticated, network-based attacker to cause a denial of service.
Zoho has reported a critical vulnerability (CVE-2024-0252) in ManageEngine ADSelfService Plus, a self-service password management and single sign-on product for Active Directory (AD). The vulnerability could allow an attacker to execute arbitrary code remotely on a host where the vulnerable software is installed.
GitLab has released a critical security update to address five vulnerabilities in GitLab Community Edition and Enterprise Edition, including:
- CVE-2023-7028 is classed as critical, with a base score of 10. It allows password reset emails to be delivered to an unverified email address supplied by the attacker, enabling account takeover without any user interaction. Accounts with two-factor authentication enabled can still have their password reset but cannot be taken over, as the second factor is still required.
- CVE-2023-5356 involves incorrect authorisation checks and could allow a user to abuse Slack/Mattermost integrations to execute slash commands as another user.
VMware has released a security update to address a critical missing access control vulnerability in VMware Aria Automation. CVE-2023-34063, with a base score of 9.9, could allow an authenticated attacker to gain unauthorised access to remote organisations and workflows.
Atlassian has released a security update to address a critical template injection vulnerability in Confluence Data Center and Server. CVE-2023-22527 has a base score of 10 and could allow an unauthenticated attacker to achieve remote code execution on an affected instance. Only out-of-date releases (8.0.x through 8.5.3) are affected; instances on a current release are not.
Microsoft has released its monthly security update to address multiple vulnerabilities across multiple products, three of which are rated critical.
- CVE-2024-0057 has a base score of 9.1 and affects .NET, the .NET Framework and Visual Studio. This security feature bypass can be exploited by an attacker who produces a specially crafted X.509 certificate that intentionally induces a chain-building failure, causing the certificate to be accepted where it should be rejected.
- CVE-2024-20674 has a base score of 9.0 and is a Kerberos security feature bypass affecting multiple Windows products. An unauthenticated attacker on the local network could mount a machine-in-the-middle (MitM) attack, or use another local spoofing technique, to send a malicious Kerberos message to the victim machine and impersonate the Kerberos authentication server.
- CVE-2023-29357, an elevation of privilege vulnerability in SharePoint Server, is being exploited in the wild. It allows an unauthenticated attacker to gain administrator privileges; chained with CVE-2023-24955 it leads to arbitrary code execution on the server.
Citrix has released a security advisory addressing two vulnerabilities in NetScaler ADC and NetScaler Gateway, both of which have been exploited in the wild. CVE-2023-6548 is an authenticated (low-privileged) remote code execution vulnerability in the management interface; exploitation requires network access to the NSIP, CLIP or a SNIP with management access, so the management interface should not be reachable from untrusted networks. CVE-2023-6549 is an unauthenticated denial of service that only affects appliances configured as a Gateway (VPN virtual server, ICA Proxy, CVPN or RDP Proxy) or as an AAA virtual server. Affected versions include:
- NetScaler ADC and NetScaler Gateway 14.1 before 14.1-12.35
- NetScaler ADC and NetScaler Gateway 13.1 before 13.1-51.15
- NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.21
- NetScaler ADC 13.1-FIPS before 13.1-37.176
- NetScaler ADC 12.1-FIPS before 12.1-55.302
- NetScaler ADC 12.1-NDcPP before 12.1-55.302
NetScaler ADC and NetScaler Gateway 12.1 (non-FIPS) is end of life and does not receive a fix; customers on that branch should upgrade to a supported version. Customers using Citrix-managed cloud services or Citrix-managed Adaptive Authentication do not need to take action.
Google has released a security update addressing three vulnerabilities in the V8 JavaScript engine in Google Chrome. CVE-2024-0519 is a high severity out of bounds memory access that could allow a remote attacker to trigger heap corruption via a crafted HTML page; Google reports that an exploit for it exists in the wild. CVE-2024-0517 is an out of bounds write and CVE-2024-0518 a type confusion, both also in V8. Affected versions include:
- Windows – All versions prior to 120.0.6099.224/225
- Mac – All versions prior to 120.0.6099.234
- Linux – All versions prior to 120.0.6099.224
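The NetScaler and Chrome version tables above are easy to misread by eye, because a plain string comparison ranks "13.1-9.1" above "13.1-51.15" and the FIPS/NDcPP branches carry different build numbers from the mainline. The following Python script is an added example, not code from this bulletin, Citrix or Google. It transcribes both tables and checks an inventory build string against them numerically. The function names are ours; the "NetScaler NS13.1: Build 50.23.nc" format is assumed to match the first line of the appliance's `show version` output, and the sample inputs are constructed, not real inventory data.

```python
"""Check NetScaler and Chrome build strings against the affected-version tables
in the bulletin. Added example; the tables are transcribed from the bulletin,
the sample inputs are constructed."""
import re
from typing import Optional

# Branch -> first fixed build, from the Citrix bulletin. FIPS and NDcPP builds
# are separate branches and must never be compared against mainline numbers.
NETSCALER_FIXED = {
    "14.1": "14.1-12.35",
    "13.1": "13.1-51.15",
    "13.0": "13.0-92.21",
    "13.1-FIPS": "13.1-37.176",
    "12.1-FIPS": "12.1-55.302",
    "12.1-NDcPP": "12.1-55.302",
}

# Platform -> first fixed Chrome build, from the Google advisory. Windows ships
# both 224 and 225; 224 is the lower bound, so anything below it is affected.
CHROME_FIXED = {
    "windows": "120.0.6099.224",
    "mac": "120.0.6099.234",
    "linux": "120.0.6099.224",
}


def build_tuple(version: str) -> tuple:
    """Split '13.1-51.15' or '120.0.6099.234' into a tuple of ints so that
    comparison is numeric rather than lexical."""
    return tuple(int(part) for part in re.split(r"[.-]", version))


def parse_show_version(line: str) -> str:
    """Convert the first line of NetScaler 'show version' output (assumed format:
    'NetScaler NS13.1: Build 50.23.nc, Date: ...') into the bulletin's
    '13.1-50.23' notation."""
    m = re.search(r"NS(\d+\.\d+): Build (\d+\.\d+)", line)
    if not m:
        raise ValueError(f"unrecognised show version output: {line!r}")
    return f"{m.group(1)}-{m.group(2)}"


def netscaler_affected(version: str, variant: str = "") -> Optional[bool]:
    """True if the build is below the fixed build for its branch, False if it is
    at or above it, None if the branch is not in the table (e.g. 12.1 non-FIPS,
    which the bulletin does not list and which therefore needs an upgrade, not
    a build check). variant is '' for mainline, 'FIPS' or 'NDcPP' otherwise."""
    branch = version.split("-", 1)[0]
    key = f"{branch}-{variant}" if variant else branch
    fixed = NETSCALER_FIXED.get(key)
    if fixed is None:
        return None
    return build_tuple(version) < build_tuple(fixed)


def chrome_affected(platform: str, version: str) -> Optional[bool]:
    """Same check for Chrome; platform is 'windows', 'mac' or 'linux'."""
    fixed = CHROME_FIXED.get(platform.lower())
    if fixed is None:
        return None
    return build_tuple(version) < build_tuple(fixed)


if __name__ == "__main__":
    # Constructed sample inputs, not real inventory data.
    sample = "NetScaler NS13.1: Build 50.23.nc, Date: Nov 2, 2023"
    build = parse_show_version(sample)
    print(build, netscaler_affected(build))             # 13.1-50.23 True
    print(netscaler_affected("13.1-37.150", "FIPS"))    # True
    print(netscaler_affected("12.1-55.300"))            # None: branch not in table
    print(chrome_affected("mac", "120.0.6099.224"))     # True: the Mac fix is .234
```

The two cases worth noting are the ones that catch people out in practice: a FIPS build must be checked against the FIPS row (13.1-37.150 is vulnerable even though 37 is well below the mainline 51), and a Mac running 120.0.6099.224 is still vulnerable because the Mac fix is .234, not .224.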
Recommended Action
Organisations are encouraged to review the appropriate security advisory pages and apply the updates:
Ivanti – Security Update
Fortinet – Vulnerability Summary
Cisco – Security Advisories
Juniper – Support Portal
Zoho – Security Advisory
GitLab – Security Release
VMware – Security Advisory
Atlassian – Security Update
Microsoft – Security Bulletin and Update Guide
Citrix – Security Bulletin
Google – Security Update
If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.