Security News > 2024 > March > CISA Alerts on Active Exploitation of Flaws in Fortinet, Ivanti, and Nice Products

CISA Alerts on Active Exploitation of Flaws in Fortinet, Ivanti, and Nice Products
2024-03-26 04:54

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday placed three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities added are as follows - CVE-2023-48788 (CVSS score: 9.3) - Fortinet FortiClient EMS SQL Injection Vulnerability CVE-2021-44529 (CVSS score: 9.8) - Ivanti


News URL

https://thehackernews.com/2024/03/cisa-alerts-on-active-exploitation-of.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-03-12 CVE-2023-48788 SQL Injection vulnerability in Fortinet Forticlient Enterprise Management Server
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted packets.
network
low complexity
fortinet CWE-89
critical
 9.8
9.8
2021-12-08 CVE-2021-44529 Code Injection vulnerability in Ivanti Endpoint Manager Cloud Services Appliance 4.5/4.6
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).
network
low complexity
ivanti CWE-94
critical
 9.8
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Fortinet 164 56 387 164 77 684
Ivanti 23 9 59 74 51 193