Headline
CVE-2023-6263: [vulnerability] 2023-09-21 - Server Spoofing - Cloud Health Status
An issue was discovered in Network Optix NxCloud before 23.1.0.40440. It was possible to add a fake VMS server to NxCloud by using the exact identification of a legitimate VMS server. As result, it was possible to retrieve authorization headers from legitimate users when the legitimate client connects to the fake VMS server.
Details of the Vulnerability:
Vulnerability Name: Server spoofing
Affected Versions: All VMS servers connected to Сloud
Potential Impact: If exploited, an attacker could perform a Man in the middle attack and hijack victim’s access to VMS server
Action Taken:
Upon discovering the vulnerability, our security team has:
Promptly initiated a thorough investigation.
Developed and tested a security patch to address the vulnerability. This patch will be deployed on Fri, Sep 22th, 2023.
Engaged with cybersecurity experts to enhance our security measures moving forward.
During our investigation, we have not found any evidence of this vulnerability being exploited yet. Vulnerability exploitation is relatively hard and demands multiple prerequisites, yet still we recommend performing certain actions.
Recommended Action for Customers:
Immediate Action: If you are using an affected version, we strongly urge you to change the VMS server owner’s (user “admin”) local password.
Perform users and permissions review.
Support and Assistance:
Should you encounter any issues or require assistance with the update, please reach out to our dedicated support team at [email protected].
Future Measures:
We are constantly enhancing our security protocols and will continue to conduct regular security audits to prevent such incidents in the future. We also plan to expand our collaboration with third-party security experts to ensure our systems remain resilient against evolving cyber threats.