Fortra is actively investigating a vulnerability in the ServiceNow Vancouver and Washington, D.C. Now Platform releases. This vulnerability, CVE-2024-4879, could enable an unauthenticated user to remotely execute code within the Now Platform. ServiceNow has released an update, patches, and hot fixes to address this vulnerability.

Fortra is actively researching a new vulnerability in OpenSSH dubbed “regreSSHion”. This remote code execution vulnerability – CVE-2024-6387 – could allow an unauthenticated remote attacker to execute arbitrary code as root. Fortra recommends updating sshd as soon as possible to mitigate this threat.

Fortra is investigating a vulnerability in the Check Point VPN – CVE-2024-24919. This information disclosure vulnerability could allow an attacker to access sensitive information on internet-exposed Check Point Security Gateways with IPsec VPN in the Remote Access VPN community and the Mobile Access software blade. Security updates are available to mitigate this vulnerability.

Fortra is actively researching an improper authentication vulnerability in MOVEit Transfer – CVE-2024-5806. This vulnerability in the SFTP Module of Progress MOVEit Transfer can lead to authentication bypass. Customers can upgrade to a patched release to mitigate this vulnerability.

Fortra is actively investigating an attack campaign dubbed “ArcaneDoor” against Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD) software. The campaign has been used to implant malware, execute commands, and potentially exfiltrate data. While the initial attack vector has not yet been identified, Cisco has identified three vulnerabilities impacting these devices, two of which have been used within the attack. CVE-2024-20353 CVE-2024-20358 CVE-2024-20359 All three vulnerabilities have been patched as part of the Cisco Threat Response.