Fortinet Releases Critical Updates for FortiOS, FortiNAC and More
Fortinet has released security updates addressing 40 vulnerabilities across its FortiWeb, FortiOS, FortiNAC, and FortiProxy products. Two of the 40 are rated critical and 15 are rated high severity.
Two of Fortinet’s Vulnerabilities Have a 9.8/10 Score
The first critical vulnerability is CVE-2022-39952, a remote code execution (RCE) flaw in FortiNAC’s keyUpload script that could allow an unauthenticated threat actor to execute unauthorized code or commands via specially crafted HTTP requests. The affected versions are:
- FortiNAC 9.4.0,
- FortiNAC 9.2.0 – 9.2.5,
- FortiNAC 9.1.0 – 9.1.7,
- FortiNAC 8.8 all versions,
- FortiNAC 8.7 all versions,
- FortiNAC 8.6 all versions,
- FortiNAC 8.5 all versions, and
- FortiNAC 8.3 all versions.
The second critical vulnerability, CVE-2021-42756, is a stack-based buffer overflow in the FortiWeb proxy. It could allow an unauthenticated, remote threat actor to execute arbitrary code on vulnerable systems via specially crafted HTTP requests. The affected versions are:
- FortiWeb 5.x all versions,
- FortiWeb 6.0.7 and below,
- FortiWeb 6.1.2 and below,
- FortiWeb 6.2.6 and below,
- FortiWeb 6.3.16 and below, and
- FortiWeb 6.4 all versions.
Fortinet has also released security updates for other vulnerabilities affecting FortiADC, FortiExtender, FortiOS, FortiProxy, FortiSwitchManager, FortiWAN, FortiAnalyzer, FortiAuthenticator, FortiPortal, and FortiSandbox. Users are advised to apply the updates promptly to avoid potential attacks exploiting these vulnerabilities.
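The two affected-version lists above are easy to misread when checking an appliance inventory by hand, so here is an added example (not code from Fortinet or from this newsletter) that encodes those ranges and flags which inventoried builds fall inside them. The inventory rows and the version-string normalisation (dropping a leading "v" and a "-buildNNNN" suffix) are assumptions.

```python
"""Flag FortiNAC / FortiWeb builds that fall inside the affected ranges above."""
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

def parse_version(text: str) -> Version:
    """Normalise a firmware string such as 'v9.2.5-build0123' to (9, 2, 5).
    Only major.minor.patch is compared; missing components are treated as 0."""
    core = text.strip().lstrip("v").split("-")[0]
    parts = [int(p) for p in core.split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))  # type: ignore[return-value]

# Each entry is (release-line prefix, inclusive upper bound or None for "all versions").
# Taken from the advisory lists above: e.g. "9.2.0 - 9.2.5" -> prefix (9, 2), top (9, 2, 5);
# "8.8 all versions" -> prefix (8, 8), no upper bound; "9.4.0" alone -> top (9, 4, 0).
AFFECTED: Dict[str, List[Tuple[Tuple[int, ...], Optional[Version]]]] = {
    "FortiNAC": [((9, 4), (9, 4, 0)), ((9, 2), (9, 2, 5)), ((9, 1), (9, 1, 7)),
                 ((8, 8), None), ((8, 7), None), ((8, 6), None),
                 ((8, 5), None), ((8, 3), None)],
    "FortiWeb": [((5,), None), ((6, 0), (6, 0, 7)), ((6, 1), (6, 1, 2)),
                 ((6, 2), (6, 2, 6)), ((6, 3), (6, 3, 16)), ((6, 4), None)],
}

def is_affected(product: str, version: str) -> bool:
    """True if the build lies in one of the published affected ranges."""
    v = parse_version(version)
    for prefix, top in AFFECTED[product]:
        if v[:len(prefix)] == prefix and (top is None or v <= top):
            return True
    return False

def check_inventory(rows: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str, bool]]:
    """Annotate (hostname, product, version) rows with an affected flag."""
    return [(host, prod, ver, is_affected(prod, ver)) for host, prod, ver in rows]

if __name__ == "__main__":
    # Constructed sample inventory; hostnames and builds are made up.
    inventory = [("nac-01", "FortiNAC", "v9.2.5-build0123"), ("nac-02", "FortiNAC", "9.2.6"),
                 ("nac-03", "FortiNAC", "8.8.11"), ("web-01", "FortiWeb", "6.3.17"),
                 ("web-02", "FortiWeb", "6.4.2"), ("web-03", "FortiWeb", "7.0.0")]
    for host, prod, ver, hit in check_inventory(inventory):
        print(f"{host:8} {prod:9} {ver:18} {'AFFECTED' if hit else 'ok'}")
```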
Critical Vulnerability Alert in ClamAV
A critical remote code execution vulnerability has been discovered in ClamAV, Cisco’s open-source (GPLv2) anti-virus engine, which is widely used for email scanning, especially on mail gateways.
The vulnerability, tracked as CVE-2023-20032, is a memory error caused by an unchecked buffer size in the HFS+ file parser. A threat actor can trigger it by submitting a crafted HFS+ partition file for scanning to a vulnerable device. Successful exploitation can result in arbitrary code execution with the privileges of the ClamAV scanning process, or a denial of service (DoS) condition.
The Affected ClamAV Applications
- Secure Endpoint (Advanced Malware Protection) for Windows, macOS, and Linux devices
- Secure Endpoint Private Cloud
- Secure Web Appliance
It has been confirmed that the Secure Email Gateway and Secure Email and Web Manager products are not affected by the vulnerability.
In addition, a ClamAV information disclosure vulnerability in the DMG file parser, tracked as CVE-2023-20052, has been fixed in the same releases: versions 0.103.8, 0.105.2, and 1.0.1. Administrators are advised to apply the released updates promptly to avoid being targeted by attacks that exploit these vulnerabilities.
Reddit Suffered a Security Breach Resulting in Unauthorized Access to Internal Systems
Reddit suffered a security breach in which threat actors gained unauthorized access to its internal systems, sensitive documents, and source code. The breach began with a phishing campaign targeting Reddit employees: the attackers used a fake login page mimicking the company’s intranet site to capture employee login credentials and two-factor authentication tokens.
Reddit Stated That User Accounts and Passwords Are Safe
Reddit confirmed that the phishing attack succeeded: one employee’s login credentials were compromised, allowing threat actors to access its internal systems, certain internal documents, source code, internal dashboards, and other business systems. However, Reddit reassured users that their passwords and accounts were not compromised. The affected employee reported the incident, and the security team quickly responded by removing the attacker’s access and starting an internal investigation.
Reddit recommended that users enable two-factor authentication and use strong, regularly updated passwords to reduce potential risk.