CISA Flags ScienceLogic SL1 Vulnerability as Actively Exploited Zero-Day

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a serious vulnerability affecting ScienceLogic SL1 to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active zero-day exploitation.

This critical flaw, identified as CVE-2024-9537 (CVSS v4 score: 9.3), involves a bug related to an unspecified third-party component that could enable remote code execution.

ScienceLogic has addressed the issue in versions 12.1.3, 12.2.3, and 12.3 and later. Fixes are also available for earlier versions, including 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x.
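For defenders with several SL1 deployments, the practical question is which installed builds already carry the fix. The following is an added triage helper, not code from ScienceLogic or from the article, that encodes only the version facts stated above: 12.1.3, 12.2.3 and 12.3 or later are fixed; the 10.1.x, 10.2.x, 11.1.x, 11.2.x and 11.3.x branches have vendor fixes whose exact patched build numbers are not given here, so those hosts are flagged for verification against the vendor advisory rather than guessed. The inventory records, host names and the `assess_sl1_version` / `triage_inventory` function names are assumptions made for the example.

```python
"""Triage ScienceLogic SL1 inventory against the CVE-2024-9537 fixed-version list.

Added example; version facts come from the article, everything else is assumed.
"""
import re

# Branches where the article names an exact first fixed build.
FIXED_MIN_BY_BRANCH = {
    (12, 1): (12, 1, 3),
    (12, 2): (12, 2, 3),
}
# 12.3 and anything later is fixed.
FIXED_FROM = (12, 3)
# Earlier branches with a vendor fix available; the patched build number is
# not stated in the article, so these are flagged for verification, not guessed.
PATCHED_EARLIER_BRANCHES = {(10, 1), (10, 2), (11, 1), (11, 2), (11, 3)}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?$")


def parse_version(text):
    """Parse 'major.minor[.patch]' into a 3-tuple; patch defaults to 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised SL1 version string: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def assess_sl1_version(text):
    """Return one of: 'fixed', 'vulnerable', 'verify-branch-fix', 'unknown-branch'."""
    version = parse_version(text)
    branch = version[:2]
    if branch >= FIXED_FROM:
        return "fixed"
    if branch in FIXED_MIN_BY_BRANCH:
        return "fixed" if version >= FIXED_MIN_BY_BRANCH[branch] else "vulnerable"
    if branch in PATCHED_EARLIER_BRANCHES:
        # A fix exists for this branch; confirm the exact build with the vendor.
        return "verify-branch-fix"
    # Branch not mentioned in the advisory summary; treat as needing review.
    return "unknown-branch"


def triage_inventory(inventory):
    """Map each (host, version) pair to its status, sorted so action items come first."""
    priority = {"vulnerable": 0, "verify-branch-fix": 1, "unknown-branch": 2, "fixed": 3}
    results = [(host, ver, assess_sl1_version(ver)) for host, ver in inventory]
    return sorted(results, key=lambda r: (priority[r[2]], r[0]))


# Constructed sample inventory (host names and versions are made up).
SAMPLE_INVENTORY = [
    ("sl1-prod-01", "12.1.2"),
    ("sl1-prod-02", "12.1.3"),
    ("sl1-dr-01", "12.2.3"),
    ("sl1-lab-01", "12.3"),
    ("sl1-legacy-01", "11.3.1"),
    ("sl1-legacy-02", "9.4.2"),
]

if __name__ == "__main__":
    for host, ver, status in triage_inventory(SAMPLE_INVENTORY):
        print(f"{host:16} {ver:8} {status}")
```

Run it against an exported list of SL1 hosts and versions; anything reported as `vulnerable` is below the stated fixed build on a 12.1 or 12.2 branch, while `verify-branch-fix` hosts are on a branch the vendor says is fixable but need the exact patched build confirmed before being marked safe.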

This announcement follows a recent incident where cloud hosting provider Rackspace reported issues with the ScienceLogic EM7 Portal, leading to the temporary shutdown of its dashboard late last month. An account named ynezzor noted on X (formerly Twitter) that the exploitation of this third-party application resulted in unauthorized access to three internal Rackspace monitoring servers.

While the perpetrators of the attack remain unidentified, Rackspace confirmed to Bleeping Computer that the zero-day exploit granted unauthorized access to its internal performance reporting systems, and it has informed affected customers. This breach was initially reported by The Register.

Federal Civilian Executive Branch (FCEB) agencies are mandated to implement the necessary fixes by November 11, 2024, to mitigate potential threats to their networks.

Fortinet Releases Patches for Potentially Exploited Flaw

In related news, Fortinet has issued security updates for FortiManager to address a vulnerability that is reportedly being exploited by threat actors linked to China. While details about this flaw remain scarce, Fortinet has previously provided confidential communications to customers to help them strengthen their defenses before public disclosure. The Hacker News has reached out to the company for further information and will provide updates as they become available.

Security researcher Kevin Beaumont commented on Mastodon that FortiGate has released one of six new versions of FortiManager to fix the actively exploited zero-day, but has not yet issued a CVE or documented the issue in the release notes. He noted that there is significant confusion surrounding the situation, particularly regarding the zero-day affecting FortiManager Cloud.

Earlier this month, CISA also added another critical vulnerability impacting Fortinet FortiOS, FortiPAM, FortiProxy, and FortiWeb (CVE-2024-23113, CVSS score: 9.8) to its KEV catalog due to evidence of exploitation in the wild.
