The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified three actively exploited security flaws, adding them to its Known Exploited Vulnerabilities (KEV) catalog.
Among these vulnerabilities are CVE-2023-36584, a Microsoft Windows Mark-of-the-Web (MotW) Security Feature Bypass, and CVE-2023-1671, a critical Sophos Web Appliance Command Injection. While no public reports detail in-the-wild attacks using CVE-2023-1671, the addition of CVE-2023-36584 is based on a report from Palo Alto Networks Unit 42 outlining spear-phishing attacks by the pro-Russian APT group Storm-0978. Federal agencies are advised to apply fixes by December 7, 2023, to mitigate potential threats.
In a related development, Fortinet has disclosed a critical command injection vulnerability (CVE-2023-36553, CVSS score: 9.3) in the FortiSIEM report server. The flaw, a variant of CVE-2023-34992, allows remote attackers to execute arbitrary commands.
Fortinet recommends upgrading affected versions to 7.1.0, 7.0.1, 6.7.6, 6.6.4, 6.5.2, 6.4.3, or later to address the vulnerability. The underlying weakness, improper neutralization of special elements used in an OS command in the FortiSIEM report server, highlights the need for prompt action to prevent unauthorized command execution.
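As an added illustration (not code from the article or from Fortinet), the following Python maps an inventory of FortiSIEM versions to the fixed releases listed above so a defender can see which hosts still need the upgrade; the per-branch mapping, the treatment of unlisted branches, and the sample inventory are this example's own assumptions.

```python
# Added example: triage FortiSIEM versions against the fixed releases the
# advisory lists. Branch matching (same major.minor) and the "unknown-branch"
# outcome for branches the list does not name are assumptions of this example.

FIXED_VERSIONS = ["7.1.0", "7.0.1", "6.7.6", "6.6.4", "6.5.2", "6.4.3"]


def parse_version(text):
    """Turn '6.7.5' into (6, 7, 5); reject anything that is not numeric x.y.z."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def minimum_fixed_for(version):
    """Return the fixed release on the same major.minor branch, or None when
    the branch is not one of those the advisory names."""
    major, minor, _ = parse_version(version)
    for fixed in FIXED_VERSIONS:
        f_major, f_minor, _ = parse_version(fixed)
        if (f_major, f_minor) == (major, minor):
            return fixed
    return None


def assess(version):
    """Classify a version as 'fixed', 'upgrade', or 'unknown-branch'.
    Tuple comparison handles multi-digit patch levels (6.6.10 > 6.6.4)."""
    fixed = minimum_fixed_for(version)
    if fixed is None:
        return "unknown-branch"  # needs manual review against the vendor advisory
    return "fixed" if parse_version(version) >= parse_version(fixed) else "upgrade"


def triage(inventory):
    """inventory: {hostname: version} -> {hostname: (version, status)}."""
    return {host: (ver, assess(ver)) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are not real assets.
    sample = {"siem-01": "6.7.5", "siem-02": "7.1.0",
              "siem-03": "6.6.10", "siem-04": "6.3.1"}
    for host, (ver, status) in triage(sample).items():
        print(f"{host}: {ver} -> {status}")
```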
These developments underscore the ongoing challenges in cybersecurity, emphasizing the importance of proactive measures and prompt patching to protect against actively exploited vulnerabilities.