Over the past week, Access Tech has been advising many of our clients about the following zero-day vulnerabilities:
- Citrix: XenServer and Citrix Hypervisor Security Update
  - Two issues have been identified that affect XenServer and Citrix Hypervisor. Each issue may allow malicious, unprivileged code in a guest VM to infer the contents of memory belonging to its own or other VMs on the same host.
- Palo Alto Networks: CVE-2024-3400
  - A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks’ PAN-OS software, for specific PAN-OS versions and distinct feature configurations, may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
- Fortinet: FG-IR-23-493
  - An insufficiently protected credentials vulnerability (CWE-522) in FortiOS and FortiProxy may allow an attacker to obtain the administrator cookie under rare and specific conditions, by tricking the administrator into visiting a malicious, attacker-controlled website through SSL-VPN.
If you need help reviewing these vulnerabilities or assistance with patching the systems, please let us know as soon as possible.
Contact us today: https://www.accesstech.net/contact-us/get-in-touch/