19 April 2021

NSA, CISA and FBI expose 5 security vulnerabilities exploited by nation-state hackers



The U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) released a joint advisory warning that Russia-linked hackers are exploiting five known vulnerabilities in popular enterprise equipment to gain access to corporate networks.

“Mitigation against these vulnerabilities is critically important as U.S. and allied networks are constantly scanned, targeted, and exploited by Russian state-sponsored cyber actors,” the three agencies said. “NSA, CISA, and FBI strongly encourage all cybersecurity stakeholders to check their networks for indicators of compromise related to all five vulnerabilities and the techniques detailed in the advisory and to urgently implement associated mitigations.”

The five vulnerabilities shared by the NSA, CISA, and FBI are as follows:

CVE-2018-13379 Fortinet FortiGate VPN - a path traversal issue in the FortiOS SSL VPN web portal. The vulnerability allows a remote attacker to perform directory traversal attacks.

CVE-2019-9670 Synacor Zimbra Collaboration Suite - an XML External Entity injection issue in Zimbra Collaboration Suite that allows a remote attacker to gain access to sensitive information.

CVE-2019-11510 Pulse Secure Pulse Connect Secure VPN - a path traversal issue in Pulse Connect Secure that allows a remote hacker to read arbitrary files on the system.

CVE-2019-19781 Citrix Application Delivery Controller and Gateway - a path traversal and remote code execution issue in Citrix ADC and Gateway that allows a remote attacker to perform directory traversal attacks.

CVE-2020-4006 VMware Workspace ONE Access - a remote code execution issue in VMware products.
