Alert from CISA About Critical Flaw in Fortinet Software While Urgent Security Patches Released by Palo Alto and Cisco
On Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) in the United States added a critical security flaw affecting Fortinet products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The flaw, tracked as CVE-2024-23113 (CVSS score: 9.8), is a remote code execution vulnerability affecting FortiOS, FortiPAM, FortiProxy, and FortiWeb.
“A manipulation of an externally-controlled format string vulnerability [CWE-134] in the FortiOS fgfmd daemon could enable an external, unauthenticated attacker to carry out random code or commands through specially designed requests,” Fortinet pointed out in a bulletin for the weakness earlier in February 2024.
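To make the CWE-134 class concrete, the following is an added example written for this article; it is not Fortinet code and says nothing about how fgfmd is implemented. It contrasts the vulnerable shape (external text used as the format string) with the hardened shape (a constant format, external text passed as data), and adds a small defender-side check that counts printf-style directives in an externally supplied string, which can feed an input-screening or detection rule. The sample input is constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Added example (not Fortinet code): the CWE-134 pattern in its simplest form.
 * The vulnerable shape passes externally supplied text as the FORMAT argument:
 *
 *     void log_unsafe(const char *msg) { printf(msg); }   // CWE-134
 *
 * Any '%' directive in msg is then interpreted by printf. The hardened shape
 * below keeps the format string constant and passes the text as an argument,
 * so it can never be interpreted. Returns the number of characters written.
 */
int log_safe(char *out, size_t outlen, const char *msg)
{
    return snprintf(out, outlen, "[log] %s", msg);
}

/* Defender-side check: does an externally supplied string carry printf
 * directives? Legitimate hostnames, usernames and device names rarely contain
 * '%' followed by a conversion character, so a non-zero count is a useful
 * signal for input screening or a detection rule. "%%" is a literal percent
 * sign and is not counted.
 */
int count_format_directives(const char *s)
{
    int count = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {          /* escaped literal percent */
            p++;
            continue;
        }
        /* Skip flags, width, precision and length modifiers. */
        const char *q = p + 1;
        while (*q && strchr("-+ #0123456789.*hlLqjzt", *q))
            q++;
        /* Count only if a real conversion character follows. */
        if (*q && strchr("diouxXeEfFgGaAcspn", *q)) {
            count++;
            p = q;
        }
    }
    return count;
}

int main(void)
{
    char buf[128];
    /* Constructed sample input for the demonstration, not from any real traffic. */
    const char *constructed_input = "%s%x%n";
    log_safe(buf, sizeof buf, constructed_input);
    printf("%s  (directives found: %d)\n", buf,
           count_format_directives(constructed_input));
    return 0;
}
```

Compiling with `-Wformat-security` (and `-Werror=format-security` in CI) flags the `printf(msg)` shape at build time, which is the cheapest place to catch this class before it reaches a network-facing daemon.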
As is typically the case, the notice gives no details about the ongoing exploitation of the vulnerability, the identity of the entity using it, or its targets.
In response to the active exploitation, Federal Civilian Executive Branch (FCEB) agencies are required to apply the fixes provided by the vendor by October 30, 2024, to secure their networks.
Palo Alto Networks Discloses Critical Vulnerabilities in Expedition
Palo Alto Networks has disclosed multiple flaws in Expedition that could let an attacker read database contents and arbitrary files, as well as write arbitrary files to temporary storage locations on the system.
“When combined, these include details like usernames, passwords in plain text, device setups, and API keys of PAN-OS firewalls,” Palo Alto Networks expressed in an alert on Wednesday.
The vulnerabilities affect all versions of Expedition prior to 1.2.96, and they are detailed as follows –
- CVE-2024-9463 (CVSS score: 9.9) – An operating system (OS) command injection vulnerability that permits an unauthenticated attacker to run arbitrary OS commands as root
- CVE-2024-9464 (CVSS score: 9.3) – An OS command injection vulnerability that allows an authenticated attacker to run arbitrary OS commands as root
- CVE-2024-9465 (CVSS score: 9.2) – An SQL injection vulnerability that allows an unauthenticated attacker to disclose Expedition database contents
- CVE-2024-9466 (CVSS score: 8.2) – A cleartext storage of sensitive information vulnerability that allows an authenticated attacker to disclose firewall usernames, passwords, and API keys generated with those credentials
- CVE-2024-9467 (CVSS score: 7.0) – A reflected cross-site scripting (XSS) vulnerability that enables execution of malicious JavaScript in the context of an authenticated Expedition user’s browser if the user clicks a malicious link, facilitating phishing attacks that could lead to theft of the user’s Expedition browser session
Zach Hanley of Horizon3.ai has been credited with discovering and reporting CVE-2024-9464, CVE-2024-9465, and CVE-2024-9466, and Enrique Castillo of Palo Alto Networks with CVE-2024-9463, CVE-2024-9464, CVE-2024-9465, and CVE-2024-9467.
There is no evidence that these issues have been exploited in the wild, although steps to reproduce them are already publicly available, courtesy of Horizon3.ai.
Around 23 Expedition servers are exposed to the internet, the majority of them located in the U.S., Belgium, Germany, the Netherlands, and Australia. To reduce the risk, it is advised to restrict access to authorized users, hosts, or networks, and to shut down the software when it is not actively in use.
Cisco Resolves Nexus Dashboard Fabric Controller Vulnerability
Cisco has also released patches to fix a critical command execution vulnerability in Nexus Dashboard Fabric Controller (NDFC), which stems from improper user authorization and insufficient validation of command arguments.
Identified as CVE-2024-20432 (CVSS score: 9.9), this flaw could enable a low-privileged, authenticated remote attacker to execute a command injection attack on a vulnerable device. The issue has been resolved in NDFC version 12.2.2. It’s important to note that versions 11.5 and earlier are not vulnerable.
“An attacker could exploit this vulnerability by submitting crafted commands to an affected REST API endpoint or via the web UI,” the company said. “A successful exploit could allow the attacker to execute arbitrary commands on the CLI of a Cisco NDFC-managed device with network-admin privileges.”