Urgent Action Required: Critical Patches Released for Cisco, Fortinet, and VMware Products

Attention all IT professionals and network administrators! Critical security vulnerabilities have been discovered in widely used products from Cisco, Fortinet, and VMware, exposing your systems to potential compromise. 

Here's the breakdown:

If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts," Cisco said about CVE-2024-20252 and CVE-2024-20254.

• Cisco Expressway Series: Three vulnerabilities (CVE-2024-20252, CVE-2024-20254, CVE-2024-20255) allow unauthenticated remote attackers to conduct Cross-Site Request Forgery (CSRF) attacks, potentially taking control of affected systems. These vulnerabilities are rated as critical (CVSS score: 9.6 and 8.2) and require immediate patching. Update to Cisco Expressway Series Release versions 14.3.4 and 15.0.0.
• Fortinet FortiSIEM: New vulnerabilities (CVE-2024-23108 and CVE-2024-23109) bypass a previously patched critical flaw, allowing attackers to execute arbitrary code and gain complete control of affected systems. These vulnerabilities are also rated critical (CVSS score: 9.8) and require patching as soon as possible. Update to FortiSIEM versions 7.1.2 or above, 7.2.0 (upcoming), 7.0.3 (upcoming), 6.7.9 (upcoming), or 6.6.5 (upcoming).
• VMware Workspace ONE Access and Identity Manager: Multiple vulnerabilities (CVE-2024-22237, CVE-2024-22239) enable local privilege escalation, allowing attackers with console access to gain elevated privileges and potentially compromise the entire system. These vulnerabilities range from medium to high severity (CVSS score: 7.8 and 5.3) and require patching according to your risk tolerance. Refer to the VMware advisory for specific updates based on your version.