The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently added a critical security flaw impacting ScienceLogic SL1 to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation as a zero-day.
The vulnerability, tracked as CVE-2024-9537 (CVSS v4 score: 9.3), involves an unspecified third-party component and could result in remote code execution. The issue has been patched in various versions, including 12.1.3, 12.2.3, and 12.3, as well as 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x.
Furthermore, Federal Civilian Executive Branch (FCEB) agencies are urged to apply the fixes by November 11, 2024, to mitigate potential threats to their networks.
On another front, Fortinet has released security updates for FortiManager to address a vulnerability reportedly being exploited by China-linked threat actors. Details about the flaw remain undisclosed, but Fortinet is taking proactive steps to ensure customer defense mechanisms are fortified.