Cyble Research and Intelligence Labs (CRIL) has identified new IT vulnerabilities affecting Fortinet, SonicWall, Grafana Labs, and CyberPanel, among others. The report for the week of October 23-29 highlights seven IT vulnerabilities that require urgent attention from security teams, particularly given the sheer number of exposed devices involved.
The latest findings indicate that vulnerabilities in Fortinet, SonicWall, and Grafana Labs impact over 1 million web-facing assets. Notably, two high-severity vulnerabilities in CyberPanel have already been leveraged in widespread ransomware attacks. Organizations are urged to quickly assess their environments for these vulnerabilities and implement necessary patches and mitigations.
Major IT Vulnerabilities of the Week
Here are the top vulnerabilities detailed by Cyble’s researchers, emphasizing the potential impact on IT security:
CVE-2024-40766: SonicWall SonicOS
Rated at 9.8 for severity, CVE-2024-40766 represents an improper access control vulnerability within the administrative interface of SonicWall’s SonicOS. This vulnerability has garnered the attention of managed security firms like Arctic Wolf, which report that ransomware groups such as Fog and Akira are exploiting it in SSL VPN environments to infiltrate networks.
CVE-2024-47575 and CVE-2024-23113: Fortinet FortiOS and FortiManager
Fortinet has been targeted by threat actors exploiting two vulnerabilities, both rated at 9.8. CVE-2024-47575, also known as “FortiJump,” allows attackers to execute arbitrary code through specially crafted requests in FortiManager. Concerns had arisen about Fortinet’s delay in disclosing this zero-day vulnerability prior to its public announcement on October 23.
While Fortinet did notify some customers of a vulnerability in FortiManager with recommended mitigations, reports indicate that not all customers received this communication, highlighting a potential gap in the advisory process.
Furthermore, CVE-2024-23113 affects multiple versions of FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager, allowing remote, unauthenticated attackers to execute arbitrary code.
CVE-2024-9264: Grafana Labs
The vulnerability, rated at 9.4, CVE-2024-9264, concerns the SQL Expressions feature in Grafana Labs’ open-source analytics and monitoring platform. This vulnerability allows for command injection and local file inclusion due to insufficient sanitization of user input in ‘duckdb’ queries.
CVE-2024-51567 and CVE-2024-51568: CyberPanel
CyberPanel has recently faced severe vulnerabilities rated at 10.0, CVE-2024-51567, and CVE-2024-51568. The first vulnerability allows attackers to bypass authentication and execute arbitrary commands, leading to significant exploitation in recent ransomware attacks. The second vulnerability involves a command injection flaw that poses serious risks to server management.
CVE-2024-46483: Xlight FTP Server
This critical integer overflow vulnerability affects the Xlight FTP Server, potentially allowing attackers to exploit packet parsing logic leading to heap overflows. With the availability of public Proof of Concepts (PoCs), this vulnerability could be weaponized in various attack campaigns.
Recommendations and Mitigations
To mitigate the risks posed by these vulnerabilities, organizations are encouraged to adopt the following best practices:
- Ensure all software and hardware systems receive the latest patches from official vendors.
- Implement an organized approach to inventory management, patch assessment, testing, deployment, and verification.
- Isolate critical assets using firewalls, VLANs, and access controls to reduce the attack surface.
- Create and maintain an incident response plan, testing it regularly to adapt to emerging threats.
- Employ comprehensive monitoring solutions to detect and analyze suspicious activities in real-time.
- Keep abreast of advisories from vendors, CERTs, and other sources to quickly address vulnerabilities.
- Engage in vulnerability assessments and penetration testing to identify and remediate weaknesses.
Conclusion
The vulnerabilities identified this week highlight the need for organizations to prioritize the patching of critical IT vulnerabilities. With the increasing chatter about these exploits on dark web forums, security teams must remain vigilant and proactive.
Implementing better security practices is essential to safeguard sensitive data and maintain the integrity of systems against online threats. The vulnerabilities in Fortinet, SonicWall, and Grafana Labs represent just a fraction of the risks that IT environments face today, making immediate action imperative.