
Overview

Palo Alto Networks has reported a critical vulnerability (CVE-2024-3400) affecting specific PAN-OS firewall versions, i.e. PAN-OS 10.2, 11.0 and 11.1, that could allow an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.  Cloud NGFW, Panorama appliances, and Prisma Access are not affected.  This vulnerability is currently being exploited by cyber-attackers.

Previous mitigations advised by Palo Alto Networks have been found to be ineffective, including the recommendation that device telemetry should be disabled. The more effective mitigation is to install the latest version of the PAN-OS software.

Fortinet has released three security advisories to address one critical and two high-severity vulnerabilities:

FortiClientLinux – CVE-2023-45590 (critical). This may allow an unauthenticated attacker to execute arbitrary code by tricking a FortiClientLinux user into visiting a malicious website.

FortiClientMac – CVE-2023-45588 (high). This may allow a local attacker to execute arbitrary code or commands by writing a malicious configuration file in /tmp before starting the installation process.

FortiOS and FortiProxy – CVE-2023-41677 (high). This may allow an attacker to obtain the administrator cookie in rare and specific conditions, by tricking the administrator into visiting a malicious attacker-controlled website through the SSL-VPN.

Progress has released a security update (CVE-2024-2389) for Flowmon 12.3.5 and Flowmon 11.1.14.  Unauthenticated, remote attackers can gain access to the web interface of Flowmon to issue a carefully crafted API command that will allow arbitrary system commands to be executed without authentication.

Samsung has released its April security update package that addresses multiple vulnerabilities in its latest models of mobile phones. Patches for one critical vulnerability and 26 high-severity vulnerabilities are included in this update package.

Microsoft have released their monthly security bulletin for April, addressing multiple vulnerabilities contained within their products. There is one critical vulnerability, CVE-2024-29990, with a base score of 9.0, which affects Microsoft Azure Kubernetes Service and could lead to privilege elevation; however, exploitation is less likely.

Adobe have released security updates to address multiple vulnerabilities in Adobe software, which could be exploited to take control of affected systems. Products affected include After Effects, Photoshop, InDesign, Illustrator and Animate, among others. If you or your business use any of these products, Adobe recommend you review the individual vulnerability bulletins for precise advice and guidance.

Recommended Action

Organisations are encouraged to review the appropriate security advisory pages and apply the updates:

Palo Alto Networks – Security Advisories

Fortinet – FortiClientMac, FortiOS and FortiProxy, and FortiClientLinux

Progress – Flowmon

Samsung – April Security Update

Microsoft – April Security Bulletin

Adobe – CISA Report with links to Individual Bulletins

 

If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.
