Fortinet Authentication Bypass Vulnerability
First up, CVE-2022-40684 affects multiple Fortinet products: FortiOS, FortiProxy, and FortiSwitchManager. The vulnerability, which was only recently discovered and disclosed last week, allows an attacker to execute code masquerading as an authorized user. With this device takeover, they can perform privileged operations, such as viewing files, changing permissions, and other confidential activities. So in this case we would likely see this as the start of a string of moves deeper into the victim’s network. Since switches connect devices across networks, this opens up the attack surface to an even greater degree. As is typical, vulnerabilities are exploited as the entryway in, so it is imperative to update the affected versions immediately.
Windows COM+ Event System Service Privilege Escalation Vulnerability
CISA did not waste any time adding an escalation of privilege vulnerability in Windows COM+ Event System Service to the KEV on the same day a patch was released.
Microsoft has rated the severity of CVE-2022-41033 as “Important” which is analogous to the High CVSS score it received. So although none of these organizations gave it a Critical rating, Microsoft’s update guide paints a different picture. The attack complexity is low and user interaction is not required, making this an easy vulnerability to exploit. The silver lining is that the attack vector is local, so they’ll need access to a regular user computer. But not all that glitters is gold, of course. The attacker will most likely reroute and target someone on the inside to exploit the vulnerability, e.g. tricking a legitimate user into opening a malicious document. So again, it will be crucial to remind employees (especially during National Cybersecurity Awareness Month) to stay vigilant and report any signs of phishing. An attacker can gain SYSTEM privileges, so it is important to install the updates as soon as possible.
#cisa #cisanalysis #microsoft #fortinet #vulnerabilities
About Version 2 Digital
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.
Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About VRX
VRX is a consolidated vulnerability management platform that protects assets in real time. Its rich, integrated features efficiently pinpoint and remediate the largest risks to your cyber infrastructure. Resolve the most pressing threats with efficient automation features and precise contextual analysis.
