The U.S. Cybersecurity and Infrastructure Security Agency (CISA) the following vulnerabilities to its :
The vulnerability CVE-2024-24919 is a Quantum Gateway information disclosure issue. Threat actors exploited the flaw to gain remote firewall access and breach corporate networks.
The issue impacts CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, Quantum Spark Appliances. Impacted versions are R80.20.x, R80.20SP (EOL), R80.40 (EOL), R81, R81.10, R81.10.x, and R81.20.
Early this week, the security firm warned of a surge in attacks aimed at VPN solutions.
The vulnerability CVE-2024-1086 is a Linux kernel use-after-free issue that resides in the netfilter: nf_tables component that allows an attacker to achieve local privilege escalation.
According to , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts recommend also private organizations review the and address the vulnerabilities in their infrastructure.
CISA orders federal agencies to fix this vulnerability by June 20, 2024.
Follow me on Twitter: and and Mastodon
(SecurityAffairs – hacking, Known Exploited Vulnerabilities catalog)