Fortra® Security & Trust Center

Emerging Threats

Missing Authentication Vulnerability in Palo Alto Expedition

Fortra is actively researching a vulnerability in Palo Alto Networks Expedition – CVE-2024-5910. Palo Alto Networks Expedition is a tool designed to assist with migrating other vendor configurations to Palo Alto devices. CVE-2024-5910 allows attackers to remotely reset administrator credentials, gaining complete access to Expedition and all of the data stored within. Customers are advised to upgrade to a fixed version of Expedition.
Emerging Threats

Missing Authentication Vulnerability in FortiManager

Fortra is actively researching a new vulnerability in FortiManager – CVE-2024-47575. Missing authentication for a critical function in the FortiManager fgfmd daemon may allow a remote unauthenticated attacker to execute code or commands via specially crafted requests. FortiGuard has released updates for FortiManager to address this vulnerability, which customers should apply as soon as possible.
Emerging Threats

VMware vCenter Server Vulnerabilities

Fortra is actively researching critical vulnerabilities in VMware vCenter Server – CVE-2024-38812 and CVE-2024-38813. By exploiting these vulnerabilities, a malicious actor with network access to vCenter Server could send specially crafted network packets to achieve remote code execution and escalation of privileges. These vulnerabilities were initially published on September 17, 2024, and announced via advisory VMSA-2024-0019. However, after further research, VMware determined that the patches did not fully address CVE-2024-38812 and released VMSA-2024-0019.2 with new updates to address these issues fully. Customers are strongly encouraged to apply the new patches, even if the patches from the initial advisory have already been applied.
Security Advisory

Sensitive information in agent log file when detailed logging is enabled with Robot Schedule Enterprise prior to version 3.05

Fortra's Robot Schedule Enterprise Agent prior to version 3.05 writes FTP username and password information to the agent log file when detailed logging is enabled. The agent log information is accessible in the following ways: While the agent job is running, the agent log is readable by any user on the Windows agent system. Once the agent job is done, the log file is removed. After the agent is...
Emerging Threats

NVIDIA Container Toolkit Vulnerabilities

Fortra is actively researching vulnerabilities in NVIDIA Container Toolkit. A malicious container can exploit these vulnerabilities to gain access to the host filesystem in read-only mode. Successful exploitation and subsequent actions can lead to code execution and privilege escalation. The greatest risk appears to be that an attacker can escape from their container and gain control over other containers on the same host. NVIDIA has released patched versions of the affected products. Customers are advised to update to a patched version as soon as possible.
Emerging Threats

UNIX System Vulnerabilities via CUPS

Fortra is actively researching several vulnerabilities in UNIX systems. These vulnerabilities can allow a remote unauthenticated attacker to achieve remote code execution via a UDP packet to port 631 if the CUPS port is open. LAN attacks are also possible via spoofing zeroconf / mDNS / DNS-SD advertisements. Customers are advised to update the CUPS package to mitigate this vulnerability.
Security Advisory

Medium to High Integrity Privilege Escalation in Microsoft Windows

A DLL hijacking caused by drive remapping, combined with poisoning of the activation cache, in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated attacker to elevate from a medium integrity process to a high integrity process without the intervention of a UAC prompt.
Security Advisory

Insecure Default in FileCatalyst Workflow 5.1.6 Build 139 (and earlier)

The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software. The HSQLDB is only included to facilitate installation, has been deprecated, and is not intended for production use per vendor guides. However,...