
Cisco and VMware have released security updates to address critical security flaws in their products that could be exploited by malicious actors to execute arbitrary code on affected systems.
The most severe vulnerability is a command injection flaw (CVE-2023-20036, CVSS score: 9.9) in Cisco Industrial Network Director. It exists in the Web UI component and results from improper input validation when uploading device packs.
In an advisory released on April 19, 2023, Cisco stated, “A successful exploit could allow an attacker to execute arbitrary commands as NT AUTHORITY\SYSTEM on the underlying operating system of the affected device.”
The networking equipment major has also resolved a medium-severity file permissions vulnerability in the same product (CVE-2023-20039, CVSS score: 5.5) that could be exploited by an authenticated, local attacker to view sensitive information.
Patches for both issues are available in version 1.11.3. Cisco credits an unnamed “external” researcher for reporting the two flaws.
Cisco has also fixed another critical flaw in the external authentication mechanism of its Cisco Modeling Labs network simulation platform. The vulnerability, tracked as CVE-2023-20154 (CVSS score: 9.1), could allow an unauthenticated, remote attacker to access the web interface with administrative privileges.
“To exploit this vulnerability, an attacker would need valid user credentials stored on an associated external authentication server,” the company said.
“This authentication bypass vulnerability could be exploited if the LDAP server is configured to respond to a search query with a non-empty array of matching entries (responses containing search result referral entries).”
Workarounds exist to close the security hole, but Cisco warns customers to test the effectiveness of any such mitigation in their own environment before deploying it. The shortcoming has been fixed with the release of version 2.5.1.
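The advisory quoted above points at a general pitfall in code that authenticates against an external LDAP directory: a search response can be non-empty and still contain no matching user, because search result references (referrals) are returned alongside, or instead of, real entries. The following is an added illustration of that pitfall and of the stricter check that avoids it; it is not Cisco's code and says nothing about how Cisco Modeling Labs is implemented. It assumes the python-ldap result convention, where a search returns a list of `(dn, attrs)` tuples and a referral appears as a tuple whose `dn` is `None`; the function names and the sample responses are constructed for this example.

```python
"""
Illustrative handling of LDAP search results where referrals may be present.

Assumption (python-ldap convention): a search returns a list of (dn, attrs)
tuples; a search-result reference (referral) is represented as
(None, ['ldap://...']) when automatic referral chasing is disabled.
All sample data below is constructed for this example.
"""

# Constructed sample responses an external LDAP server might return
# for a search such as (uid=alice).
REAL_MATCH = [("uid=alice,ou=people,dc=example,dc=com", {"uid": [b"alice"]})]
REFERRAL_ONLY = [(None, ["ldap://ldap2.example.com/dc=example,dc=com"])]
MIXED = REAL_MATCH + REFERRAL_ONLY
EMPTY = []


def user_exists_naive(results):
    """Weak check: treats any non-empty result list as a found user.

    A referral-only response is non-empty but contains no entry, so this
    check reports a match for a user the directory never returned.
    """
    return len(results) > 0


def real_entries(results):
    """Keep only genuine entries (those with a DN); drop referrals."""
    return [(dn, attrs) for dn, attrs in results if dn is not None]


def user_exists_strict(results):
    """Hardened check: exactly one real entry must match the user."""
    return len(real_entries(results)) == 1


def resolve_user_dn(results):
    """Return the single matching DN to bind as, or None.

    Returning None for zero or multiple real entries (or for referral-only
    responses) forces the caller down the failure path instead of letting
    an ambiguous or empty lookup proceed to a privileged session.
    """
    entries = real_entries(results)
    if len(entries) != 1:
        return None
    return entries[0][0]


if __name__ == "__main__":
    for name, results in [("real", REAL_MATCH), ("referral", REFERRAL_ONLY),
                          ("mixed", MIXED), ("empty", EMPTY)]:
        print(f"{name:9s} naive={user_exists_naive(results)!s:5s} "
              f"strict={user_exists_strict(results)!s:5s} "
              f"dn={resolve_user_dn(results)}")
```

The practical consequence for anyone auditing an LDAP integration is to check what the application does after the search: it should bind with the resolved DN and the supplied password only when exactly one real entry came back, and it should never derive an authorization decision from the bare length of the result list.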
VMware ships update to Aria Operations for Logs
In an advisory released on April 20, 2023, VMware warned of a critical deserialization flaw affecting multiple versions of Aria Operations for Logs (CVE-2023-20864, CVSS score: 9.8).
“An unauthenticated malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root,” said the virtualization service provider.
The vulnerability has been addressed in VMware Aria Operations for Logs 8.12, which also fixes a high-severity command injection flaw (CVE-2023-20865, CVSS score: 7.2) that could allow an attacker with administrator privileges to execute arbitrary commands as root.
“CVE-2023-20864 is a critical issue and should be patched immediately,” the company said. “It should be emphasized that only version 8.10.2 is affected by this vulnerability.”
The alert comes almost three months after VMware addressed two critical remote code execution issues (CVE-2022-31704 and CVE-2022-31706, CVSS score: 9.8) in the same product.
Cisco and VMware appliances have proven to be lucrative targets for threat actors, and users are encouraged to act quickly and apply the updates to mitigate potential threats.