Security Advisory: Citrix, PAN, and Fortinet Recent Vulnerabilities

April 16, 2024
Access Tech: Have you been affected by these breaches?

Over the past week, Access Tech has been advising many of our clients on the following zero-day vulnerabilities:

  1. Citrix: XenServer and Citrix Hypervisor Security Update
    • Two issues have been identified that affect XenServer and Citrix Hypervisor. Each issue may allow malicious, unprivileged code in a guest VM to infer the contents of memory belonging to its own or other VMs on the same host.
  2. Palo Alto Networks: CVE-2024-3400
    • A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks’ PAN-OS software, for specific PAN-OS versions and distinct feature configurations, may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.
  3. Fortinet: FG-IR-23-493
    • An insufficiently protected credentials vulnerability (CWE-522) in FortiOS and FortiProxy may allow an attacker to obtain the administrator cookie under rare and specific conditions, by tricking the administrator into visiting a malicious, attacker-controlled website through SSL-VPN.

If you need help reviewing these vulnerabilities or assistance with patching the systems, please let us know as soon as possible.
