19 April 2021

NSA, CISA and FBI expose 5 security vulnerabilities exploited by nation-state hackers


The U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) released a joint advisory warning that Russia-linked hackers are exploiting five known vulnerabilities in popular enterprise equipment to gain access to corporate networks.

“Mitigation against these vulnerabilities is critically important as U.S. and allied networks are constantly scanned, targeted, and exploited by Russian state-sponsored cyber actors,” the three agencies said. “NSA, CISA, and FBI strongly encourage all cybersecurity stakeholders to check their networks for indicators of compromise related to all five vulnerabilities and the techniques detailed in the advisory and to urgently implement associated mitigations.”

The five vulnerabilities shared by the NSA, CISA, and FBI are as follows:

CVE-2018-13379 Fortinet FortiGate VPN - a path traversal issue in the FortiOS SSL VPN web portal. The vulnerability allows a remote attacker to perform directory traversal attacks.

CVE-2019-9670 Synacor Zimbra Collaboration Suite - an XML External Entity injection issue in Zimbra Collaboration Suite that allows a remote attacker to gain access to sensitive information.

CVE-2019-11510 Pulse Secure Pulse Connect Secure VPN - a path traversal issue in Pulse Connect Secure that allows a remote hacker to read arbitrary files on the system.

CVE-2019-19781 Citrix Application Delivery Controller and Gateway - a path traversal and remote code execution issue in Citrix ADC and Gateway that allows a remote attacker to perform directory traversal attacks.

CVE-2020-4006 VMware Workspace ONE Access - a remote code execution issue in VMware products.
