Created on 2025-03-11 20:37 and updated on 2025-03-11 20:42.
Description
In this fourth edition of the Cyber Threat Overview, The French Cybersecurity Agency (ANSSI) addresses prevalent cybersecurity threats and the pivotal incidents which occurred in 2024. In line with the previous years, ANSSI estimates that attackers associated with the cybercriminal ecosystem and reputedly linked to China and Russia are three of the main threats facing both critical information systems and the national ecosystem as a whole.
This past year was also marked by the hosting of the Paris Olympic and Paralympic Games and by the number and the impact of vulnerabilities affecting information systems’ security edge devices.
| CVE | SCORE CVSS3.x | ÉDITEUR | RISQUE | RÉFÉRENCE CERT-FR |
|---|---|---|---|---|
| CVE-2024-21887 | 9.1 | IVANTI | Remote execution of arbitrary code, security policy and authentication bypass, access to restricted resources on different security and VPN gateways | CERTFR-2024-ALE-001, CERTFR-2024-AVI-0109, CERTFR-2024-AVI-0085 |
| CVE-2023-46805 | 8.2 | IVANTI | Remote execution of arbitrary code, security policy and authentication bypass on different security and VPN gateways | CERTFR-2024-ALE-0097 |
| CVE-2024-21893 | 8.2 | IVANTI | ||
| CVE-2024-3400 | 10.0 | PALO ALTO NETWORKS | Remote execution of arbitrary code on different security devices | CERTFR-2024-ALE-006, CERTFR-2024-AVI-0307 |
| CVE-2022-42475 | 9.8 | FORTINET | Remote execution of arbitrary code on different SSL VPN gateways | CERTFR-2022-ALE-012, CERTFR-2022-AVI-1090 |
| CVE-2024-8963 | 9.4 | IVANTI | Remote execution of arbitrary code and security policy bypass on different security and VPN gateways | CERTFR-2024-ALE-013, CERTFR-2024-AVI-0796, CERTFR-2024-AVI-0917 |
| CVE-2024-8190 | 7.2 | IVANTI | CERTFR-2024-ALE-014, CERTFR-2024-AVI-0917 | |
| CVE-2024-47575 | 9.8 | FORTINET | Remote execution of arbitrary code on different security devices | CERTFR-2024-ALE-014, CERTFR-2024-AVI-0917 |
| CVE-2024-21762 | 9.8 | FORTINET | Remote execution of arbitrary code on different security devices | CERTFR-2024-ALE-004, CERTFR-2024-AVI-0108 |
| CVE-2021-44228 | 10.0 | APACHE | Remote execution of arbitrary code | CERTFR-2021-ALE-022 |
| CVE-2024-24919 | 8.6 | CHECK POINT | Breach of data confidentiality | CERTFR-2024-ALE-008, CERTFR-2024-AVI-0449 |
Vulnerabilities included in this bundle
Meta
[ { ref: [ "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2025-CTI-004.pdf", "https://www.cert.ssi.gouv.fr/cti/CERTFR-2025-CTI-004/", ], }, ]
Author
Cédric BonhommeCombined sightings
| Author | Vulnerability | Source | Type | Date |
|---|---|---|---|---|
| automation | CVE-2024-21762 | https://bsky.app/profile/kriptabiz.bsky.social/post/3lkrb6tfv4c2b | seen | 8 days ago |
| automation | CVE-2024-21762 | https://bsky.app/profile/qiancx.bsky.social/post/3lkrb6pklam2y | seen | 8 days ago |
| automation | CVE-2024-21762 | MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123 | seen | 1 month ago |
| automation | CVE-2024-21762 | https://infosec.exchange/users/saltmyhash/statuses/114039171548967342 | seen | 1 month ago |
| automation | CVE-2024-21762 | MISP/eb740424-b73f-401b-9b79-f1d5085e106d | seen | 1 year ago |
| automation | CVE-2024-21762 | MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123 | seen | 1 year ago |