A vulnerability has been disclosed in FortiOS and FortiProxy. It is tracked as CVE-2024-21762 and carries a 9.6 (Critical) CVSS score. The vulnerability allows a remote, unauthenticated attacker to craft HTTP requests that execute unexpected or unauthorized code or commands. It has been added to CISA's Known Exploited Vulnerabilities catalog. This was a zero-day vulnerability; it is under active exploitation and needs to be fixed as soon as possible.
Cisco released an advisory on February 7th detailing three cross-site request forgery (CSRF) vulnerabilities with CVSS 3.1 scores ranging from 8.2 to 9.6. The Critical vulnerabilities, CVE-2024-20252 and CVE-2024-20254, allow an unauthenticated, remote attacker to conduct CSRF attacks on an affected system by persuading a user of the API to follow a crafted link, which lets the attacker perform arbitrary actions with that user's privilege level. If the user is an administrator, this could include modifying the system configuration and creating new privileged accounts. The third vulnerability, CVE-2024-20255, uses a similar attack method but only allows an attacker who has obtained an administrator-level account to overwrite system configuration settings, which could result in a denial-of-service condition.
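The CSRF pattern described above works because a crafted link makes the victim's browser send a request that carries the victim's session cookie. The following is an added defender-side example, not code from Cisco or from the affected products: a check that a state-changing API handler would run before acting, requiring a non-safe HTTP method, a same-site Origin (or Referer) header, and a per-session token the cross-site page cannot read. The host name, the session dictionary and the header names are constructed for the example.

```python
import hmac
import secrets
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

# Constructed: the origin this API is legitimately served from.
ALLOWED_ORIGINS = {"https://api.example.test"}
# Only these methods may change state; a crafted link produces a GET.
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def issue_csrf_token(session: Dict[str, str]) -> str:
    """Mint a random per-session token and keep it in the (hypothetical) server-side session."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def origin_of(url: str) -> str:
    """Normalize a URL to scheme://host[:port] for comparison."""
    parts = urlsplit(url)
    return f"{parts.scheme.lower()}://{parts.netloc.lower()}"


def csrf_check(method: str, headers: Dict[str, str], session: Dict[str, str],
               submitted_token: Optional[str]) -> Tuple[bool, str]:
    """Decide whether a request to a state-changing endpoint may proceed.

    Returns (allowed, reason). Called only by handlers that modify state, so a
    request arriving over GET/HEAD is refused outright: a link a victim is
    persuaded to follow can never reach the handler body.
    """
    if method.upper() not in STATE_CHANGING:
        return False, "state change attempted via safe method"
    origin = headers.get("Origin") or headers.get("Referer")
    if origin is None:
        return False, "missing Origin/Referer on state-changing request"
    if origin_of(origin) not in ALLOWED_ORIGINS:
        return False, f"cross-site origin {origin_of(origin)}"
    expected = session.get("csrf_token")
    if not expected or submitted_token is None:
        return False, "missing CSRF token"
    # Constant-time comparison so the token cannot be guessed byte by byte.
    if not hmac.compare_digest(expected, submitted_token):
        return False, "CSRF token mismatch"
    return True, "ok"


if __name__ == "__main__":
    session: Dict[str, str] = {}
    token = issue_csrf_token(session)
    # Legitimate same-site form post carrying the token.
    print(csrf_check("POST", {"Origin": "https://api.example.test"}, session, token))
    # What a crafted link produces: a GET with the victim's cookie and no token.
    print(csrf_check("GET", {"Referer": "https://attacker.example.test/page"}, session, None))
```

Both checks are needed: the Origin check alone fails for clients that strip the header, and the token check alone does not stop an endpoint that mistakenly mutates state on GET.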
A vulnerability has been discovered in Shim, an open-source bootloader used by Linux distributions on UEFI systems. The vulnerability, identified as CVE-2023-40547, is a remote code execution flaw found by Bill Demirkapi of the Microsoft Security Response Center. It causes Shim to trust attacker-controlled values when parsing an HTTP response, enabling a man-in-the-middle attack early in the boot phase. According to Red Hat, an attacker can craft a malicious HTTP request that leads to a fully controlled out-of-bounds write primitive and complete system compromise.
There is a vulnerability present in Mastodon, an open-source network server. It is identified as CVE-2024-23832 with a CVSS score of 9.4 according to the CNA, GitHub. The vulnerability is a result of insufficient origin validation, allowing attackers to impersonate and take over any remote account.
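Origin validation in a federated server means refusing to accept statements about an account from any server other than the one that hosts it. The block below is an added illustration written for this digest, not Mastodon's code or its actual fix: it applies a generic ActivityPub-style rule in which the key that signed an incoming delivery fixes the trusted origin, and the activity's own id, its actor, and any embedded object's id and attributedTo must all share that origin. Plain string object references (as in a Follow or Like of a remote post) are allowed to point elsewhere, since those legitimately name other servers' objects. All host names and activity payloads are constructed.

```python
from typing import Any, Dict, Optional, Tuple
from urllib.parse import urlsplit


def origin(url: Any) -> Optional[str]:
    """Normalized https://host[:port] of an absolute https URL, else None.

    Returning None for anything unparsable means a missing or malformed field
    fails the comparison instead of slipping through.
    """
    if not isinstance(url, str):
        return None
    parts = urlsplit(url)
    if parts.scheme.lower() != "https" or not parts.hostname:
        return None
    host = parts.hostname.lower()
    return f"https://{host}" if parts.port in (None, 443) else f"https://{host}:{parts.port}"


def validate_incoming_activity(activity: Dict[str, Any], signer_key_id: str) -> Tuple[bool, str]:
    """Accept an activity only if every identity-bearing URL is on the signer's origin."""
    trusted = origin(signer_key_id)
    if trusted is None:
        return False, "signer key id is not an absolute https URL"
    # The activity's own id and its actor must be hosted where the signing key is.
    checks: Dict[str, Any] = {"id": activity.get("id"), "actor": activity.get("actor")}
    obj = activity.get("object")
    if isinstance(obj, dict):
        # An embedded object is a claim about content; the claim must come from
        # the server that hosts both the object and the author it is attributed to.
        checks["object.id"] = obj.get("id")
        checks["object.attributedTo"] = obj.get("attributedTo")
    for field, value in checks.items():
        if origin(value) != trusted:
            return False, f"{field} {value!r} is not on trusted origin {trusted}"
    return True, "ok"


# Constructed sample deliveries, all signed by a key hosted on social.example.test.
SIGNER_KEY = "https://social.example.test/users/alice#main-key"
ALICE = "https://social.example.test/users/alice"

LEGITIMATE_CREATE = {
    "id": f"{ALICE}/statuses/1/activity",
    "type": "Create",
    "actor": ALICE,
    "object": {"id": f"{ALICE}/statuses/1", "type": "Note", "attributedTo": ALICE},
}

# Same signer, but the embedded Note claims to belong to an account on another server.
SPOOFED_CREATE = {
    "id": f"{ALICE}/statuses/2/activity",
    "type": "Create",
    "actor": ALICE,
    "object": {
        "id": "https://other.example.test/users/bob/statuses/9",
        "type": "Note",
        "attributedTo": "https://other.example.test/users/bob",
    },
}

# Following a remote account is a reference, not a claim about that account's content.
REMOTE_FOLLOW = {
    "id": f"{ALICE}/follows/1",
    "type": "Follow",
    "actor": ALICE,
    "object": "https://other.example.test/users/bob",
}

if __name__ == "__main__":
    for name, act in [("legitimate", LEGITIMATE_CREATE), ("spoofed", SPOOFED_CREATE), ("follow", REMOTE_FOLLOW)]:
        print(name, validate_incoming_activity(act, SIGNER_KEY))
```

The same comparison belongs on the fetch path as well: when a server dereferences an object URL it received, it should only trust the fetched document's id if it matches the origin it fetched from.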
There is a vulnerability affecting several Apple devices running iOS versions released before iOS 16.2. It is tracked as CVE-2022-48618 with a CVSS score of 7.8. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Active exploitation is occurring, and federal agencies are ordered to patch by February 21, 2024, as it was added to CISA's Known Exploited Vulnerabilities Catalog. CISA is the operational lead for federal cybersecurity and the national coordinator for critical infrastructure security. Its goal is to understand, manage and reduce risk to cyber and physical infrastructure. Its Known Exploited Vulnerabilities Catalog lists vulnerabilities that have a CVE ID, are under active exploitation, and have clear remediation guidance.
There is a vulnerability affecting Ivanti Connect Secure and Ivanti Policy Secure. It is tracked as CVE-2024-21893 with a CVSS score of 8.2. According to Ivanti, a server-side request forgery vulnerability is present in the SAML component of Ivanti Connect Secure, Ivanti Policy Secure and Ivanti Neurons for ZTA. It can allow an attacker to access restricted resources without authentication. Active exploitation is occurring, and Ivanti expects exploitation to increase starting February 1, 2024.
A vulnerability is present in GitLab Enterprise and Community editions, a popular DevSecOps platform, identified as CVE-2023-7028. It has a CVSS score of 10.0 (Critical) according to GitLab Inc. and allows an account takeover of a GitLab administrator account without user interaction. A remote attacker can achieve this by submitting a password reset request that contains two email addresses, which causes the password reset link to be sent to both.
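The failure mode above is a request field that is expected to be a single address but is accepted as a list. The following is an added example written for this digest, not GitLab's code: a reset handler that parses the form body, refuses anything other than exactly one scalar email value, and addresses the reset link only to the verified address stored on the account rather than to anything the requester supplied. The account store, field names and addresses are constructed.

```python
from typing import Dict, List, Optional, Tuple
from urllib.parse import parse_qs

# Constructed account store: normalized verified email -> user id.
# Unverified addresses are deliberately absent so they can never receive a reset link.
VERIFIED_ACCOUNTS: Dict[str, str] = {
    "admin@example.test": "user-1",
    "dev@example.test": "user-2",
}

# Every field name under which a client might submit the address; a list
# suffix or a repeated key both show up as multiple values after parsing.
EMAIL_FIELDS = ("user[email]", "user[email][]", "email")

# One response text for every accepted request, so the reply does not reveal
# whether the address exists.
ACCEPTED = "accepted: if an account exists, a reset link has been sent"


def extract_single_email(body: str) -> Optional[str]:
    """Return the submitted email only if exactly one scalar value was sent."""
    fields = parse_qs(body, keep_blank_values=True)
    values: List[str] = []
    for key in EMAIL_FIELDS:
        values.extend(fields.get(key, []))
    if len(values) != 1:
        # Zero values, a repeated key, or an array-style field: refuse the request.
        return None
    email = values[0].strip().lower()
    if email.count("@") != 1 or " " in email or not email.split("@")[1]:
        return None
    return email


def plan_password_reset(body: str) -> Tuple[str, Optional[str]]:
    """Decide how to answer a reset request.

    Returns (response_text, recipient). recipient is the stored verified
    address the link will be mailed to, or None when nothing is sent.
    """
    email = extract_single_email(body)
    if email is None:
        return "rejected: exactly one email address is required", None
    user_id = VERIFIED_ACCOUNTS.get(email)
    if user_id is None:
        return ACCEPTED, None
    # Look the recipient up from the account record, never from the request.
    stored = next(addr for addr, uid in VERIFIED_ACCOUNTS.items() if uid == user_id)
    return ACCEPTED, stored


if __name__ == "__main__":
    # Constructed request bodies (application/x-www-form-urlencoded).
    print(plan_password_reset("user[email]=admin%40example.test"))
    print(plan_password_reset("user[email][]=admin%40example.test&user[email][]=outsider%40elsewhere.test"))
```

The two checks are independent: rejecting multi-valued input stops the request shape described above, and sending only to the stored address means that even a parsing mistake elsewhere cannot route a link to an address the account owner never verified.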
Cisco has identified a remote code execution vulnerability (CVE-2024-20253) in several of its Communication Manager and Contact Center solutions products. Cisco rates it Critical with a CVSS base score of 9.9/10. Because user-provided data is improperly processed into memory, an attacker can exploit the vulnerability by sending a specially crafted message to a listening port on an affected device. This can lead to remote code execution and could result in the attacker gaining root access.
Vulnerability CVE-2024-0204 has been found in Fortra's GoAnywhere Managed File Transfer software. It allows an unauthorized user to create an admin account via the administration portal. This gives the attacker administrative rights over the tool, allowing them to execute commands, edit configurations, upload files, and more. Horizon3ai has created proof-of-concept (PoC) exploit code for this vulnerability to help security professionals develop a patch or other mitigation measures to address the issue.