
Overview

Fortra has released advisories for a critical and a high-severity vulnerability found in FileCatalyst Workflow.

  • CVE-2024-6632 is an SQL injection vulnerability with a CVSS score of 7.2, which if exploited could allow an unauthenticated attacker to modify or delete data in the application database and create administrative users.
  • CVE-2024-6633 is an insecure default vulnerability with a CVSS score of 9.8 that could allow an unauthenticated attacker remote access to the database, permitting data manipulation or exfiltration from the database, and admin user creation with access levels contained to the sandbox.

FileCatalyst is an accelerated file transfer software solution that allows the transfer of large files over remote networks.

Versa Director is affected by a high-severity, privilege-escalation vulnerability (CVE-2024-39717) that could allow potentially malicious files to be uploaded by users with Provider-Data-Centre-Admin or Provider-Data-Centre-System-Admin privileges. There is evidence of exploitation by an Advanced Persistent Threat actor.

The Versa Director is a key component in managing many SD-WAN networks and is used by some Internet Service Providers (ISPs) and Managed Service Providers (MSPs).

Cisco has addressed two critical vulnerabilities affecting Cisco Smart Licensing Utility:

  • CVE-2024-20439 allows unauthenticated attackers to log into unpatched systems remotely using an "undocumented static user credential for an administrative account".
  • CVE-2024-20440 allows unauthenticated threat actors to access log files containing sensitive data (including API credentials) by sending crafted HTTP requests to affected devices.

Recommended Action

Organisations are encouraged to review the appropriate security advisory pages and apply the updates:

Fortra – Advisory

Versa – Security Bulletin

Cisco – Security advisory

If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.

Topics

  • Advisory
  • Vulnerability
  • Exploit
  • Patches and Updates