The US Cybersecurity and Infrastructure Security Agency (CISA) on Monday added critical security flaw that affects ScienceLogic SL1 before its known vulnerabilities (KEV) directory after reports of active operation as day zero.
The vulnerability in question is tracked as CVE-2024-9537 (CVSS v4 score: 9.3) refers to a bug in an unspecified third-party component that could lead to remote code execution.
The issue has since been fixed in versions 12.1.3, 12.2.3, and 12.3 and later. Fixes were also available for versions 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x.
The development comes weeks after Rackspace’s cloud hosting admitted that he “became aware of an issue with the ScienceLogic EM7 portal” that forced him to take the control panel offline late last month.
“We have confirmed that this third-party application’s exploit led to access to three internal Rackspace monitoring web servers,” an account named ynezzor said in message X on September 28, 2024.
It is unclear who is behind the attack, although Rackspace has confirmed to Bleeping Computer that the zero-day exploit resulted in unauthorized access to internal performance reporting systems and that it has notified all affected customers. There was a violation reported for the first time according to The Register.
Federal Civilian Executive Entities (FCEB) have until November 11, 2024 to apply the fixes to counter potential threats to their networks.
Fortinet fixes a likely bug in use
This comes after Fortinet released security updates for FortiManager to address a vulnerability reportedly being exploited by China-related threats.
Details of the flaw are currently unknown, although in the past Fortinet has sent confidential messages to customers in advance to help them strengthen their defenses before it is released to a wider audience. The Hacker News has reached out to the company, and we’ll update when we hear back.
“FortiGate released one of six new versions of FortiManager that fix an actively exploited zero day in the product… but they did not release a CVE or document the issue in the release notes. Maybe next week?,” security researcher Kevin Beaumont said on Mastodon.
“Fortigate currently has the world’s least secret zero-day used by China, including in FortiManager Cloud…but everyone is confused.”
Earlier this month, CISA added another critical flaw affecting Fortinet FortiOS, FortiPAM, FortiProxy and FortiWeb (CVE-2024-23113CVSS score: 9.8) to its KEV catalog based on evidence of exploitation in the wild.
