On Monday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) officially included a significant security vulnerability affecting ScienceLogic SL1 in its Known Exploited Vulnerabilities (KEV) list. This action comes in response to confirmed instances of active exploitation as a zero-day vulnerability.
The flaw, designated as CVE-2024-9537 (scoring 9.3 on the CVSS v4 scale), concerns a bug within an unspecified third-party component, which poses the risk of remote code execution for affected systems.
Remediation has been implemented in ScienceLogic SL1 versions 12.1.3, 12.2.3, and 12.3 and later. Additionally, patches are available for earlier versions, including 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x.
This announcement follows a recent disclosure from cloud service provider Rackspace, which acknowledged issues tied to the ScienceLogic EM7 Portal. The platform was taken offline last month due to these vulnerabilities. According to reports, the exploit allowed unauthorized access to three internal Rackspace monitoring web servers, further heightening concerns about the implications of the zero-day attack.
While the identity of the attackers remains uncertain, Rackspace has confirmed unauthorized access to its internal performance reporting systems due to this exploitation and has started notifying affected clients. The initial reports of the breach were published by The Register, highlighting the ongoing nature of the threat.
Agencies within the Federal Civilian Executive Branch (FCEB) are mandated to implement the available patches by November 11, 2024, to mitigate potential risks to their networks. This underscores the urgency for organizations to stay vigilant and proactive in addressing emerging threats.
Fortinet Issues Critical Patches Amid Threat Activity
In a separate but timely development, Fortinet has rolled out security updates for FortiManager to address a vulnerability that is reportedly being targeted by threat actors linked to China. Specifics regarding the nature of the flaw have not been disclosed; however, Fortinet has historically communicated vulnerabilities confidentially to their customers to enhance security measures before public acknowledgment.
One security researcher has noted that Fortinet’s updates include a patch for an actively exploited zero-day vulnerability within FortiManager. However, the absence of a corresponding CVE or detailed documentation in release notes has left many in the cybersecurity community seeking clarity. This situation has drawn attention to the vulnerability, informally dubbed “FortiJump,” which is believed to be associated with the FortiGate to FortiManager (FGFM) protocol. A preliminary search revealed nearly 60,000 instances exposed to the internet, highlighting the potential risk.
Earlier this month, CISA had also added a critical vulnerability affecting Fortinet’s FortiOS, FortiPAM, FortiProxy, and FortiWeb, designated as CVE-2024-23113 with a CVSS score of 9.8, to its KEV catalog, suggesting it has been exploited in the wild.
As the cybersecurity landscape continues to evolve, organizations must prioritize patch management and vulnerability assessments to protect their assets. Understanding the MITRE ATT&CK framework can offer insights into the tactics and techniques employed by adversaries, which in the case of these attacks may include initial access, exploitation of vulnerabilities, and privilege escalation among others.
