CISA has added four actively exploited vulnerabilities to its catalog, including critical flaws in Fortinet VPN appliances and Ivanti products that require immediate patching.
The Cybersecurity and Infrastructure Security Agency (CISA) has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, marking them as actively targeted by threat actors. Organizations are strongly urged to apply patches immediately to prevent potential compromise.
Critical Fortinet VPN Flaws
Two critical vulnerabilities in Fortinet FortiOS and FortiProxy VPN appliances have been added to the catalog:
CVE-2023-27997 (CVSS 9.3) - A path traversal vulnerability in FortiOS SSL VPN that allows unauthenticated attackers to execute arbitrary code or commands via specially crafted HTTP requests.
CVE-2023-28177 (CVSS 9.3) - A post-authentication command injection flaw in FortiProxy that enables authenticated users to execute arbitrary commands with root privileges.
Both vulnerabilities affect FortiOS versions 7.0.0 through 7.0.4 and FortiProxy versions 7.0.0 through 7.0.3. Fortinet released patches in April 2023, but CISA reports these flaws continue to be exploited in active campaigns.
Ivanti Endpoint Manager Vulnerabilities
Two additional vulnerabilities in Ivanti Endpoint Manager (EPM) have been cataloged:
CVE-2023-35078 (CVSS 9.8) - A critical SQL injection vulnerability in the LANDESK Management Suite that allows authenticated attackers to execute arbitrary SQL commands, potentially leading to complete system compromise.
CVE-2023-35081 (CVSS 8.8) - An authentication bypass flaw in the same product that enables attackers to gain unauthorized administrative access without valid credentials.
Ivanti released patches in June 2023, but CISA emphasizes these vulnerabilities remain actively exploited in the wild.
Immediate Action Required
CISA's Binding Operational Directive (BOD) 22-01 requires federal agencies to patch these vulnerabilities by the specified due dates. While the directive applies to federal agencies, CISA strongly recommends all organizations follow suit.
Organizations should:
- Immediately review their exposure to these vulnerabilities
- Apply available patches without delay
- Implement compensating controls if patching is not immediately possible
- Monitor for indicators of compromise
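The first step above, reviewing exposure, is mechanical once the affected version ranges are known. The following script is an added example (not CISA's, Fortinet's, or Ivanti's code) that checks a device inventory against the Fortinet ranges stated in this advisory (FortiOS 7.0.0 through 7.0.4, FortiProxy 7.0.0 through 7.0.3); the Ivanti products are omitted because the text gives no affected version range for them. The inventory hostnames and versions are constructed.

```python
"""Exposure check against the affected version ranges named in the advisory.

Added example; not code from CISA or any vendor. Version ranges below are the
ones stated in the advisory text; the inventory is constructed sample data.
"""
import re
from typing import Dict, List, Tuple

# Affected ranges as stated in the advisory (inclusive bounds) and the CVEs
# the advisory associates with each product.
AFFECTED: Dict[str, Tuple[Tuple[str, str], List[str]]] = {
    "FortiOS": (("7.0.0", "7.0.4"), ["CVE-2023-27997", "CVE-2023-28177"]),
    "FortiProxy": (("7.0.0", "7.0.3"), ["CVE-2023-27997", "CVE-2023-28177"]),
}

# Constructed inventory: hostnames and versions are made up for illustration.
INVENTORY = [
    {"host": "vpn-edge-01", "product": "FortiOS", "version": "7.0.3"},
    {"host": "vpn-edge-02", "product": "FortiOS", "version": "7.0.12"},
    {"host": "proxy-dmz-01", "product": "FortiProxy", "version": "7.0.0"},
    {"host": "proxy-dmz-02", "product": "FortiProxy", "version": "7.0.4"},
    {"host": "fw-branch-07", "product": "FortiOS", "version": "6.4.9"},
]


def parse_version(s: str) -> Tuple[int, int, int]:
    """Turn 'major.minor.patch' into an int tuple so 7.0.12 sorts after 7.0.4.

    A plain string comparison would rank '7.0.12' below '7.0.4', which is
    exactly the mistake that hides exposed devices in a spreadsheet check.
    """
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", s.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {s!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_affected(product: str, version: str) -> List[str]:
    """Return the CVEs the device is exposed to, or [] if none apply."""
    entry = AFFECTED.get(product)
    if entry is None:
        return []  # product not covered by this advisory's ranges
    (lo, hi), cves = entry
    v = parse_version(version)
    return list(cves) if parse_version(lo) <= v <= parse_version(hi) else []


def find_exposed(inventory) -> List[Tuple[str, str, str, List[str]]]:
    """Walk the inventory and collect every device inside an affected range."""
    report = []
    for item in inventory:
        cves = is_affected(item["product"], item["version"])
        if cves:
            report.append((item["host"], item["product"], item["version"], cves))
    return report


if __name__ == "__main__":
    for host, product, version, cves in find_exposed(INVENTORY):
        print(f"{host}: {product} {version} is in an affected range "
              f"({', '.join(cves)}); patch or apply compensating controls")
```

The numeric version comparison is the part worth keeping: lexical ordering puts 7.0.12 before 7.0.4 and would wrongly flag a patched device while leaving the real question (is 7.0.12 above the range?) unanswered. Feed the same function from your asset database export rather than the constructed list, and treat any parse failure as a device to inspect by hand, not as "not affected".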
Broader Context
The addition of these vulnerabilities underscores the persistent threat posed by unpatched VPN appliances and endpoint management systems. Attackers continue to target these infrastructure components because they provide privileged access to enterprise networks.
Organizations running affected versions should prioritize these patches above routine updates, as exploitation could lead to complete network compromise, data theft, or ransomware deployment.
For the complete list of vulnerabilities in CISA's KEV catalog and detailed mitigation guidance, visit CISA's Known Exploited Vulnerabilities Catalog.