CISA Issues Alerts: Active Exploitation Detected in Fortinet, Ivanti, and Nice Products – A Quick Glimpse.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently added three security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. These vulnerabilities are critical as they are being actively exploited in the wild, posing a significant threat to systems.

Details of the Exploited Flaws

The three vulnerabilities affect the following products:

• Fortinet FortiClient EMS (CVE-2023-48788): This SQL injection vulnerability allows unauthenticated attackers to execute malicious code on affected systems. Fortinet has released patches to address this flaw.
• Ivanti Endpoint Manager Cloud Service Appliance (EEM CSA, CVE-2021-44529): This code injection vulnerability grants attackers with limited access the ability to execute malicious code. Ivanti has also issued patches for this vulnerability.
• Nice Linear eMerge E3-Series devices (CVE-2019-7256): This vulnerability has been around for a while and can be exploited to compromise these IP telephony or video conferencing devices. Nice has likely released patches to address this issue as well, but users should confirm.
• Urgency for Patching and Mitigating Risks

CISA has mandated that all federal agencies address these vulnerabilities by applying the vendor-provided mitigations by April 15, 2024. This deadline highlights the critical nature of these flaws.

The CISA alert comes amidst a growing concern about SQL injection vulnerabilities. A recent joint advisory from CISA and the FBI urged software manufacturers to prioritize fixing such vulnerabilities following a ransomware attack that exploited an SQL injection flaw.

Mitigation Steps

Given the severity of these actively exploited vulnerabilities, immediate action is crucial. Here’s what organizations should do:

• Identify Affected Systems: Check your IT infrastructure to identify if you use any of the mentioned products: Fortinet FortiClient EMS, Ivanti EPM CSA, or Nice eMerge E3-Series devices.
• Apply Vendor Patches: The respective vendors, Fortinet, Ivanti, and Nice, have released patches to address these vulnerabilities. Prioritize patching these systems as soon as possible. Refer to the vendor’s instructions for applying the patches correctly.
• Segment Networks: If patching is not immediately feasible due to compatibility issues or testing requirements, consider segmenting networks to isolate potentially vulnerable systems and limit the potential damage in case of a breach.
• Enable Endpoint Detection and Response (EDR): Having an EDR solution in place can help detect and respond to suspicious activity even if a system is compromised.

Additional Recommendations

• Stay Informed: Subscribe to security advisories from CISA and the vendors to stay updated on the latest vulnerabilities and recommended actions.
• Prioritize Security Updates: Make a habit of applying security updates promptly, especially for critical vulnerabilities.
• Educate Users: Train employees on cybersecurity best practices, such as phishing awareness and avoiding suspicious links.

By following these recommendations, organizations can significantly reduce the risk of being exploited through these vulnerabilities. Remember, patching is the most critical step. Act swiftly to secure your systems and mitigate the potential damage.

You think you have a story worth everyone’s time? SUBMIT A STORY and we will publish it.