The U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) released a joint advisory warning that Russia-linked hackers are exploiting five known vulnerabilities in popular enterprise equipment to gain access to corporate networks.
“Mitigation against these vulnerabilities is critically important as U.S. and allied networks are constantly scanned, targeted, and exploited by Russian state-sponsored cyber actors,” the three agencies said. “NSA, CISA, and FBI strongly encourage all cybersecurity stakeholders to check their networks for indicators of compromise related to all five vulnerabilities and the techniques detailed in the advisory and to urgently implement associated mitigations.”
The five vulnerabilities shared by the NSA, CISA, and FBI are as follows:
CVE-2018-13379 Fortinet FortiGate VPN - a path traversal issue in the FortiOS SSL VPN web portal that allows a remote attacker to perform directory traversal attacks.
CVE-2019-9670 Synacor Zimbra Collaboration Suite - an XML External Entity injection issue in Zimbra Collaboration Suite that allows a remote attacker to gain access to sensitive information.
CVE-2019-11510 Pulse Secure Pulse Connect Secure VPN - a path traversal issue in Pulse Connect Secure that allows a remote attacker to read arbitrary files on the system.
CVE-2019-19781 Citrix Application Delivery Controller and Gateway - a path traversal and remote code execution issue in Citrix ADC and Gateway that allows a remote attacker to perform directory traversal attacks.
CVE-2020-4006 VMware Workspace ONE Access - a remote code execution issue in VMware products.