Priya PatelTLDR:
- CISA issues a security alert warning of active exploitation of critical vulnerabilities in Fortinet, Ivanti, and Nice Linear devices
- Vulnerabilities include SQL injection in Fortinet FortiClient EMS, code injection in Ivanti EPM CSA, and OS command injection in Nice Linear eMerge E3-Series devices
CISA has issued a recent security alert warning of active exploitation of three critical vulnerabilities that are being actively exploited in the wild. The first vulnerability, CVE-2023-48788, is an SQL injection vulnerability in Fortinet FortiClient EMS, allowing attackers to insert malicious SQL code into the database-dependent program. The second vulnerability, CVE-2021-44529, is a code injection vulnerability in Ivanti Endpoint Manager Cloud Service Appliance, enabling attackers to take control of the server. The third vulnerability, CVE-2019-7256, is an OS command injection vulnerability in Nice Linear eMerge E3-Series devices, allowing attackers to execute arbitrary commands on the operating system. These vulnerabilities are classified as critical and pose significant risks to organizations. It is recommended to promptly address these vulnerabilities through vulnerability management practices to maintain a strong cybersecurity posture and protect against malicious exploitation.
