Security
Headlines
HeadlinesLatestCVEs

Headline

Cisco and VMware Release Security Updates to Patch Critical Flaws in their Products

Cisco and VMware have released security updates to address critical security flaws in their products that could be exploited by malicious actors to execute arbitrary code on affected systems. The most severe of the vulnerabilities is a command injection flaw in Cisco Industrial Network Director (CVE-2023-20036, CVSS score: 9.9), which resides in the web UI component and arises as a result of

The Hacker News
#vulnerability#web#cisco#rce#ldap#vmware#auth#The Hacker News

Software Update / Network Security

Cisco and VMware have released security updates to address critical security flaws in their products that could be exploited by malicious actors to execute arbitrary code on affected systems.

The most severe of the vulnerabilities is a command injection flaw in Cisco Industrial Network Director (CVE-2023-20036, CVSS score: 9.9), which resides in the web UI component and arises as a result of improper input validation when uploading a Device Pack.

“A successful exploit could allow the attacker to execute arbitrary commands as NT AUTHORITY\SYSTEM on the underlying operating system of an affected device,” Cisco said in an advisory released on April 19, 2023.

The networking equipment major also resolved a medium-severity file permissions vulnerability in the same product (CVE-2023-20039, CVSS score: 5.5) that an authenticated, local attacker could abuse to view sensitive information.

Patches have been made available in version 1.11.3, with Cisco crediting an unnamed “external” researcher for reporting the two issues.

Also fixed by Cisco is another critical flaw in the external authentication mechanism of the Modeling Labs network simulation platform. Tracked as CVE-2023-20154 (CVSS score: 9.1), the vulnerability could permit an unauthenticated, remote attacker to access the web interface with administrative privileges.

“To exploit this vulnerability, the attacker would need valid user credentials that are stored on the associated external authentication server,” the company noted.

“If the LDAP server is configured in such a way that it will reply to search queries with a non-empty array of matching entries (replies that contain search result reference entries), this authentication bypass vulnerability can be exploited.”

While there are workarounds that plug the security hole, Cisco cautions customers to test the effectiveness of such remediations in their own environments before administering them. The shortcoming has been patched with the release of version 2.5.1.

VMware ships updates for Aria Operations for Logs

VMware, in an advisory released on April 20, 2023, warned of a critical deserialization flaw impacting multiple versions of Aria Operations for Logs (CVE-2023-20864, CVSS score: 9.8).

UPCOMING WEBINAR

Defend with Deception: Advancing Zero Trust Security

Discover how Deception can detect advanced threats, stop lateral movement, and enhance your Zero Trust strategy. Join our insightful webinar!

Save My Seat!

“An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root,” the virtualization services provider said.

VMware Aria Operations for Logs 8.12 fixes this vulnerability along with a high-severity command injection flaw (CVE-2023-20865, CVSS score: 7.2) that could allow an attacker with admin privileges to run arbitrary commands as root.

“CVE-2023-20864 is a critical issue and should be patched immediately,” the company said. “It needs to be highlighted that only version 8.10.2 is impacted by this vulnerability.”

The alert comes almost three months after VMware plugged two critical issues in the same product (CVE-2022-31704 and CVE-2022-31706, CVSS scores: 9.8) that could result in remote code execution.

With Cisco and VMware appliances turning out to be lucrative targets for threat actors, it’s recommended that users move quickly to apply the updates to mitigate potential threats.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Related news

VMware Releases Critical Patches for Workstation and Fusion Software

VMware has released updates to resolve multiple security flaws impacting its Workstation and Fusion software, the most critical of which could allow a local attacker to achieve code execution. The vulnerability, tracked as CVE-2023-20869 (CVSS score: 9.3), is described as a stack-based buffer-overflow vulnerability that resides in the functionality for sharing host Bluetooth devices with the

CVE-2023-20865: VMSA-2023-0007

VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root.

CVE-2023-20865: VMSA-2023-0007

VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root.

Critical VMware RCE Vulnerabilities Targeted by Public Exploit Code

Security vulnerabilities in VMware's vRealize Log Insight platform can be chained together to offer a cybercriminals a gaping hole to access corporate crown jewels.

Critical VMware RCE Vulnerabilities Targeted by Public Exploit Code

Security vulnerabilities in VMware's vRealize Log Insight platform can be chained together to offer a cybercriminals a gaping hole to access corporate crown jewels.

CVE-2022-31711: VMSA-2023-0001

VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication.

CVE-2022-31711: VMSA-2023-0001

VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication.

VMware Releases Patches for Critical vRealize Log Insight Software Vulnerabilities

VMware on Tuesday released software to remediate four security vulnerabilities affecting vRealize Log Insight (aka Aria Operations for Logs) that could expose users to remote code execution attacks. Two of the flaws are critical, carrying a severity rating of 9.8 out of a maximum of 10, the virtualization services provider noted in its first security bulletin for 2023. Tracked as CVE-2022-31706

VMware Releases Patches for Critical vRealize Log Insight Software Vulnerabilities

VMware on Tuesday released software to remediate four security vulnerabilities affecting vRealize Log Insight (aka Aria Operations for Logs) that could expose users to remote code execution attacks. Two of the flaws are critical, carrying a severity rating of 9.8 out of a maximum of 10, the virtualization services provider noted in its first security bulletin for 2023. Tracked as CVE-2022-31706

Update vRealize now! VMware patches critical RCE vulnerabilities

Categories: Exploits and vulnerabilities Categories: News Tags: vRealize Tags: VMware Tags: CVE-2022-31706 Tags: CVE-2022-31704 Tags: CVE-2022-31702 Tags: path traversal Tags: directory traversal Tags: broken access control VMware has issued a security advisory for vRealize Log Insight that covers four vulnerabilities, including two critical RCEs (Read more...) The post Update vRealize now! VMware patches critical RCE vulnerabilities appeared first on Malwarebytes Labs.

Update vRealize now! VMware patches critical RCE vulnerabilities

Categories: Exploits and vulnerabilities Categories: News Tags: vRealize Tags: VMware Tags: CVE-2022-31706 Tags: CVE-2022-31704 Tags: CVE-2022-31702 Tags: path traversal Tags: directory traversal Tags: broken access control VMware has issued a security advisory for vRealize Log Insight that covers four vulnerabilities, including two critical RCEs (Read more...) The post Update vRealize now! VMware patches critical RCE vulnerabilities appeared first on Malwarebytes Labs.

The Hacker News: Latest News

Warning: Over 2,000 Palo Alto Networks Devices Hacked in Ongoing Attack Campaign