What is the Vulnerability?

CVE-2024-27348 is a remote code execution (RCE) vulnerability affecting Apache HugeGraph-Server. HugeGraph is a versatile graph database that integrates seamlessly with the Apache TinkerPop3 framework and the Gremlin query language, making it the first graph database project under the Apache umbrella.

This vulnerability allows unauthenticated attackers to execute arbitrary operating system commands, which could result in unauthorized access, data manipulation, and potentially a complete system compromise.

Attacks related to this vulnerability appear to have intensified this week, with FortiGuard Sensors blocking attack attempts on over 2000 devices. Proof-of-Concept (PoC) exploit code for CVE-2024-27348 is publicly available, and CISA added the vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog on Sept. 18, 2024.

What is the recommended Mitigation?

CVE-2024-27348 has been patched with the release of version 1.3.0. For more details: https://www.openwall.com/lists/oss-security/2024/04/22/3

What FortiGuard Coverage is available?

FortiGuard recommends that users apply the upgrade provided by the vendor and follow the instructions in the vendor's advisory. Fortinet customers remain protected through the IPS (Intrusion Prevention System) Service, which detects and blocks attack attempts targeting the vulnerability.

The FortiGuard Incident Response team can be engaged to help with any suspected compromise.