The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting ScienceLogic SL1 to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation as a zero-day.
This vulnerability, tracked as CVE-2024-9537, has a CVSS v4 score of 9.3 and involves an unspecified third-party component that could allow remote code execution. The issue has been addressed in versions 12.1.3, 12.2.3, and 12.3 and later, with fixes also available for earlier versions, including 10.1.x, 10.2.x, 11.1.x, 11.2.x, and 11.3.x.
The addition follows Rackspace's acknowledgment of a problem with the ScienceLogic EM7 Portal, which prompted the company to take its dashboard offline in late September 2024. An account named ynezzor reported on September 28, 2024, that the exploit had yielded access to three internal Rackspace monitoring web servers. While the identity of the attackers remains unclear, Rackspace confirmed unauthorized access to its internal performance reporting systems and has notified affected customers.

As with every KEV entry, Federal Civilian Executive Branch (FCEB) agencies are required to apply the fixes by November 11, 2024, to protect their networks.

Separately, Fortinet has released security updates for FortiManager to address a vulnerability reportedly exploited by China-linked threat actors, though specific details about the flaw have yet to be disclosed.