The flaws concern weak authentication problems, allowing bypassing of password requirements, and user input validation issues potentially leading to remote code execution, arbitrary file uploads, and directory traversal. U.S. cybersecurity agency CISA is warning about two critical vulnerabilities that allow authentication bypass and remote code execution in Optigo Networks ONS-S8 Aggregation Switch products used in critical infrastructure. CISA recommends that organizations observing suspicious activity on these devices follow their breach protocols and report the incident to the cybersecurity agency so that it can be tracked and correlated with other incidents. Exploiting this enables an attacker to gain unauthorized access to the switches' management interface, alter configurations, access sensitive data, or pivot to other network points. The first flaw is tracked as CVE-2024-41925 and is classified as a PHP Remote File Inclusion (RFI) problem stemming from incorrect validation or sanitation of user-supplied file paths. Bill Toulas Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks. An attacker could use this vulnerability to perform directory traversal, bypass authentication, and execute arbitrary remote code. The second issue, tracked as CVE-2024-45367, is a weak authentication problem arising from improper password verification enforcement on the authentication mechanism. Connect to OneView only through a dedicated NIC on the BMS computer to ensure secure and exclusive access for OT network management. Configure a router firewall to whitelist specific devices, limiting OneView access only to authorized systems and preventing unauthorized access.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 02 Oct 2024 15:05:21 +0000