A recent security alert warns of three critical vulnerabilities actively exploited in the wild, of which the first is CVE-2023-48788, an SQL injection vulnerability in Fortinet FortiClient EMS.
Attackers can use SQL injection vulnerabilities to insert malicious SQL code into a program that depends on a database.
It can give attackers unauthorized access to sensitive information, modify data, or disrupt operations.
The second vulnerability (CVE-2021-44529) is a code injection vulnerability present in the Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA).
Free Webinar : Mitigating Vulnerability & 0-day Threats
Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.:
- The problem of vulnerability fatigue today
- Difference between CVSS-specific vulnerability vs risk-based vulnerability
- Evaluating vulnerabilities based on the business impact/risk
- Automation to reduce alert fatigue and enhance security posture significantly
AcuRisQ, that helps you to quantify risk accurately:
Code injection vulnerabilities allow attackers to inject malicious code into a legitimate program or application.
In the case of CVE-2021-44529, it enables attackers to take control of the EPM CSA server, steal data, or install malware.
The third vulnerability (CVE-2019-7256) is an OS command injection vulnerability found in Nice Linear eMerge E3-Series devices, which allows attackers to execute arbitrary commands on the operating system of the affected device.
It can grant attackers complete control over the device, allowing them to steal data, install malware, or disrupt critical systems, as all three of these vulnerabilities are classified as critical due to the potential severity of an exploit.
As per CISA , a recent security alert highlights three critical vulnerabilities actively exploited by malicious actors, posing a significant risk to federal systems and affecting the following software and devices, which many people use: Nice Linear eMerge E3-Series devices (CVE-2019-7256), which may be used for IP telephony or videoconferencing, Fortinet FortiClient EMS (CVE-2023-48788); and Ivanti Endpoint Manager Cloud Service Appliance (EEM CSA, CVE-2021-44529).
The vulnerabilities themselves cover different injection techniques but achieve similar results: attackers can inject malicious code to gain unauthorized access, steal data, install malware, or disrupt system operations.
The vulnerabilities align with the established Binding Operational Directive (BOD) 22-01, which identified known exploited vulnerabilities as a major threat to federal systems.
The BOD mandates Federal Civilian Executive Branch (FCEB) agencies to address such vulnerabilities by designated due dates to safeguard their networks from active exploitation.
A security alert underscores the critical importance of promptly addressing vulnerabilities listed in a central catalog, known as vulnerability management, which is essential for maintaining a strong cybersecurity posture.
It involves proactively identifying, classifying, prioritizing, and remediating security weaknesses in systems and applications, while a specific directive (BOD 22-01) mandates vulnerability management for certain agencies, but all organizations are urged to follow suit.
Attackers are actively utilizing critical vulnerabilities in the central catalog and taking various forms, including SQL injection, code injection, and OS command injection vulnerabilities.
In a successful SQL injection attack, for instance, attackers can inject malicious SQL code into a program to steal data or disrupt operations, while code injection vulnerabilities allow attackers to inject malicious code into a target system to achieve similar ends.
OS command injection vulnerabilities grant attackers the ability to execute arbitrary commands on the operating system, potentially giving them full control over the affected device.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.