Concise Cyber

CISA Adds Actively Exploited Lanscope Endpoint Manager Flaw to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting MOTEX’s Lanscope Endpoint Manager to its Known Exploited Vulnerabilities (KEV) catalog. The security flaw, tracked as CVE-2023-43208, has been confirmed to be under active exploitation in real-world attacks, prompting an urgent directive for federal agencies.

This addition to the KEV catalog serves as an official warning to all organizations utilizing the affected software. Lanscope Endpoint Manager is an IT asset management and endpoint security solution used by over 10,000 organizations, with a significant user base in Japan.

Details of the Exploited Vulnerability

The vulnerability, CVE-2023-43208, is an authentication bypass flaw that can lead to remote code execution (RCE). Attackers who successfully exploit this vulnerability can gain administrator privileges on a targeted server, allowing them to execute arbitrary code. The Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) first reported observing active exploitation of this flaw in May. The vulnerability impacts on-premises installations of Lanscope Cat versions prior to 9.6.2.2 and the Lanscope Endpoint Manager Cloud version.

CISA Directive and Vendor Response

In response to the active threats, CISA has issued a binding operational directive ordering all Federal Civilian Executive Branch (FCEB) agencies to secure their systems against this flaw by August 1, 2024. The vendor, MOTEX, has already released security updates to address the vulnerability. For customers using the cloud-based version of the software, patches were applied automatically by the vendor. However, organizations using the on-premises Lanscope Cat product must manually update their systems to version 9.6.2.2 or a later release to mitigate the risk of compromise. All organizations using the affected software are advised to apply the available patches immediately.

Source: https://www.bleepingcomputer.com/news/security/cisa-warns-of-lanscope-endpoint-manager-flaw-exploited-in-attacks/