Cisco Releases Security Advisories for Multiple Products
Cisco has released security advisories for vulnerabilities affecting multiple Cisco products. A remote cyber threat actor could exploit these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review the following advisories and apply the necessary updates:
Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows Privilege Escalation Vulnerability cisco-sa-ac-csc-privesc-wx4U4Kw
Cisco Expressway Series and Cisco TelePresence Video Communication Server Privilege Escalation Vulnerabilities cisco-sa-expressway-priv-esc-Ls2B9t7b
Cisco Unified Communications Manager IM & Presence Service Denial of Service Vulnerability cisco-sa-cucm-imp-dos-49GL7rzT
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software for Firepower 2100 Series Appliances SSL/TLS Denial of Service Vulnerability cisco-sa-asaftd-ssl-dos-uu7mV5p6
Cisco Small Business 200, 300, and 500 Series Switches Web-Based Management Stored Cross-Site Scripting Vulnerability cisco-sa-smb-sxss-OPYJZUmE
Cisco Unified Communications Manager Denial of Service Vulnerability cisco-sa-cucm-dos-4Ag3yWbD
Cisco Secure Workload Authenticated OpenAPI Privilege Escalation Vulnerability cisco-sa-csw-auth-openapi-kTndjdNX
For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
CISA Issues BOD 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces
Today, CISA issued Binding Operational Directive (BOD) 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces, requiring Federal Civilian Executive Branch (FCEB) agencies to reduce risks posed by internet-exposed networked management interfaces on federal information systems. This Directive applies to dedicated device interfaces that are accessible over network protocols and are meant exclusively for authorized users to perform administrative activities on a device, a group of devices, or the network itself.
Agencies must be prepared to remove identified networked management interfaces from exposure to the internet, or protect them with Zero-Trust capabilities that implement a policy enforcement point separate from the interface itself. CISA will monitor and support agency adherence, providing additional resources as needed. FCEB agencies should contact CISA at cyberdirectives@cisa.dhs.gov for additional information.
While BOD 23-02 strictly applies to FCEB agencies, this threat extends to every sector. CISA recommends all stakeholders review and adopt this guidance.
Fortinet Releases Security Updates for FortiOS and FortiProxy
Fortinet has released security updates to address a heap-based buffer overflow vulnerability (CVE-2023-27997) in FortiOS and FortiProxy. An attacker could exploit this vulnerability to take control of an affected system.
CISA encourages users and administrators to review Fortinet security advisory FG-IR-23-097 and apply the necessary updates.
VMware Releases Security Update for Aria Operations for Networks
VMware has released a security update to address multiple vulnerabilities in Aria Operations for Networks (formerly vRealize Network Insight). The vulnerabilities were evaluated to fall within the critical severity range, as a malicious actor with network access may be able to perform a command injection attack resulting in remote code execution. Patches have been made available to remediate the vulnerabilities found in VMware products.
CISA encourages users and administrators to review VMware Security Advisory VMSA-2023-0012 and apply the necessary updates.
Mozilla Releases Security Updates for Multiple Products
Mozilla has released security updates to address vulnerabilities for Firefox 114 and Firefox ESR 102.12. An attacker could exploit these vulnerabilities to take control of an affected system.
CISA encourages users and administrators to review Mozilla’s security advisories for Firefox 114 and Firefox ESR 102.12 for more information and apply the necessary updates.
CISA and FBI Release #StopRansomware: CL0P Ransomware Gang Exploits MOVEit Vulnerability
CISA and FBI released a joint Cybersecurity Advisory (CSA), CL0P Ransomware Gang Exploits MOVEit Vulnerability, in response to a recent vulnerability exploitation attributed to CL0P Ransomware Gang. This joint guide provides indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) identified through FBI investigations as recently as May this year. Additionally, it provides immediate actions to help reduce the impact of CL0P ransomware.
The CL0P Ransomware Gang, also known as TA505, reportedly began exploiting a previously unknown SQL injection vulnerability in Progress Software’s managed file transfer (MFT) solution known as MOVEit Transfer. Internet-facing MOVEit Transfer web applications were infected with a web shell named LEMURLOOT, which was then used to steal data from underlying MOVEit Transfer databases.
CISA and FBI encourage information technology (IT) network defenders to review the MOVEit Transfer Advisory and implement the recommended mitigations to reduce the risk of compromise. This joint CSA is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed TTPs and IOCs to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.
