Tag Archives: Shadowserver

October “In the Trend of VM” (#20): vulnerabilities in Cisco ASA/FTD and sudo

Leave a reply

October In the Trend of VM (#20): vulnerabilities in Cisco ASA/FTD and sudo

October “In the Trend of VM” (#20): vulnerabilities in Cisco ASA/FTD and sudo. A traditional monthly roundup. This time, once again, no Microsoft vulnerabilities. 😲

🗞 Post on Habr (rus)
🗞 Post on SecurityLab (rus)
🗒 Digest on the PT website (rus)

Only three identifiers in total:

🔻 Remote Code Execution – Cisco ASA/FTD (CVE-2025-20333, CVE-2025-20362). This vulnerability chain has been exploited in attacks since May 2025, but there are no public exploits yet.
🔻 Elevation of Privilege – Sudo (CVE-2025-32463). There are signs of in-the-wild exploitation and many public exploits are available.

На русском

About Remote Code Execution – Cisco ASA/FTD (CVE-2025-20333, CVE-2025-20362) vulnerability

Leave a reply

About Remote Code Execution - Cisco ASA/FTD (CVE-2025-20333, CVE-2025-20362) vulnerability

About Remote Code Execution – Cisco ASA/FTD (CVE-2025-20333, CVE-2025-20362) vulnerability. Cisco ASA and FTD are among the most widely used solutions for perimeter protection and for providing remote access to corporate infrastructure. 🔗 On September 25, Cisco released updates addressing a chain of vulnerabilities that could allow attackers take full control of affected devices:

🔻 Vulnerability CVE-2025-20362 allows an unauthenticated attacker to access a restricted URL.

🔻 Vulnerability CVE-2025-20333 allows an authenticated attacker to execute arbitrary code as root.

👾 Cisco reports that the vulnerability chain has been exploited in attacks since May 2025. The attacks are linked to the ArcaneDoor campaign and use the LINE VIPER and RayInitiator malware.

🛠 There are no public exploits yet.

🌐 Shadowserver shows over 45,000 vulnerable hosts, with more than 2,000 of them in Russia.

На русском

New episode “In the Trend of VM” (#12): 8 February CVEs & Why the Darknet Matters for VM Specialists

Leave a reply

New episode “In the Trend of VM” (#12): 8 February CVEs & Why the Darknet Matters for VM Specialists. Now with a new design and new video editing. 😉

📹 Video on YouTube and LinkedIn
🗞 Post on Habr (rus)
🗒 Digest on the PT website

Content:

🔻 00:00 Greetings
🔻 00:23 Remote Code Execution – Windows Lightweight Directory Access Protocol (LDAP) (CVE-2024-49112)
🔻 01:35 Remote Code Execution – Microsoft Configuration Manager (CVE-2024-43468)
🔻 02:38 Remote Code Execution – Windows OLE (CVE-2025-21298)
🔻 03:55 Elevation of Privilege – Windows Hyper-V NT Kernel Integration VSP (CVE-2025-21333, CVE-2025-21334, CVE-2025-21335)
🔻 05:02 Authentication Bypass – FortiOS/FortiProxy (CVE-2024-55591)
🔻 06:16 Remote Code Execution – 7-Zip (CVE-2025-0411)
🔻 07:27 Should a VM specialist be aware of what is happening in the Darknet?
🔻 08:48 About the digest of trending vulnerabilities

На русском

About Authentication Bypass – FortiOS (CVE-2024-55591) vulnerability

1 Reply

About Authentication Bypass - FortiOS (CVE-2024-55591) vulnerability

About Authentication Bypass – FortiOS (CVE-2024-55591) vulnerability. A critical flaw allows remote attackers to gain super-admin privileges via crafted requests to the Node.js websocket module. Affected systems include Fortinet devices running FortiOS (e.g., FortiGate NGFW) and FortiProxy.

🔹 On January 10, Arctic Wolf reported attacks on Fortinet devices that began in November 2024. Attackers create accounts with random names, modify device settings, and gain access to internal systems.

🔹 The vendor advisory was published on January 14. The vulnerability was added to the CISA KEV.

🔹 A public exploit has been available on GitHub since January 21.

🔹 As of January 26, Shadow Server reports around 45,000 vulnerable devices accessible from the Internet.

The vendor recommends updating FortiOS and FortiProxy to secure versions and restricting or disabling administrative HTTP/HTTPS interfaces.

На русском

New episode “In The Trend of VM” (#10): 8 trending vulnerabilities of November, zero budget VM and who should look for patches

Leave a reply

New episode “In The Trend of VM” (#10): 8 trending vulnerabilities of November, zero budget VM and who should look for patches. The competition for the best question on the topic of VM continues. 😉🎁

📹 Video on YouTube, LinkedIn
🗞 Post on Habr (rus)
🗒 Digest on the PT website

Content:

🔻 00:29 Spoofing – Windows NTLM (CVE-2024-43451)
🔻 01:16 Elevation of Privilege – Windows Task Scheduler (CVE-2024-49039)
🔻 02:16 Spoofing – Microsoft Exchange (CVE-2024-49040)
🔻 03:03 Elevation of Privilege – needrestart (CVE-2024-48990)
🔻 04:11 Remote Code Execution – FortiManager “FortiJump” (CVE-2024-47575)
🔻 05:19 Authentication Bypass – PAN-OS (CVE-2024-0012)
🔻 06:32 Elevation of Privilege – PAN-OS (CVE-2024-9474)
🔻 07:42 Path Traversal – Zyxel firewall (CVE-2024-11667)
🔻 08:37 Is it possible to Manage Vulnerabilities with no budget?
🔻 09:53 Should a VM specialist specify a patch to install on the host in a Vulnerability Remediation task?
🔻 10:51 Full digest of trending vulnerabilities
🔻 11:18 Backstage

На русском

About Elevation of Privilege – PAN-OS (CVE-2024-9474) vulnerability

2 Replies

About Elevation of Privilege - PAN-OS (CVE-2024-9474) vulnerability

About Elevation of Privilege – PAN-OS (CVE-2024-9474) vulnerability. An attacker with PAN-OS administrator access to the management web interface can perform actions on the Palo Alto device with root privileges. Linux commands can be injected via unvalidated input in script.

The need for authentication and admin access could limit this vulnerability’s impact, but here we have the previous vulnerability Authentication Bypass – PAN-OS (CVE-2024-0012). 😏 Exploitation of this vulnerability chain was noted by Palo Alto on November 17. After November 19, when the watchTowr Labs article was published and exploits appeared, mass attacks began.

On November 21, Shadowserver reported that ~2000 hosts were compromised, mostly in the US and India. According to Wiz, attackers deployed web shells, Sliver implants and cryptominers.

На русском