ShiftDelete.net
FOLLOW US

Cisco and VMware tackle critical security flaws

Cisco and VMware release security updates to patch critical vulnerabilities in their products, preventing potential exploitation.

Cisco and VMware tackle critical security flaws

Cisco and VMware have recently released security updates to address critical security flaws in their products. These vulnerabilities could be exploited by malicious actors to execute arbitrary code on affected systems, highlighting the need for immediate action.

Addressing Cisco’s vulnerabilities

The most severe vulnerability is a command injection flaw in Cisco Industrial Network Director (CVE-2023-20036, CVSS score: 9.9). This flaw is found in the web UI component, stemming from improper input validation when uploading a Device Pack. Cisco stated in an advisory released on April 19, 2023, that successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system of an affected device.

Cisco also resolved a medium-severity file permissions vulnerability in the same product (CVE-2023-20039, CVSS score: 5.5). This flaw could be abused by an authenticated, local attacker to view sensitive information. Patches for both vulnerabilities are available in version 1.11.3.

Another critical flaw, tracked as CVE-2023-20154 (CVSS score: 9.1), was fixed in Cisco’s Modeling Labs network simulation platform. This vulnerability in the external authentication mechanism could allow an unauthenticated, remote attacker to access the web interface with administrative privileges. Cisco released version 2.5.1 to address this issue.

VMware updates for Aria Operations for Logs

In an advisory released on April 20, 2023, VMware warned of a critical deserialization flaw impacting multiple versions of Aria Operations for Logs (CVE-2023-20864, CVSS score: 9.8). An unauthenticated, malicious actor with network access could potentially execute arbitrary code as root. VMware Aria Operations for Logs 8.12 fixes this vulnerability, along with a high-severity command injection flaw (CVE-2023-20865, CVSS score: 7.2), which could allow an attacker with admin privileges to run arbitrary commands as root.

VMware emphasized the importance of addressing CVE-2023-20864, stating that it is a critical issue that should be patched immediately. It is worth noting that only version 8.10.2 is impacted by this vulnerability.

These updates come after VMware addressed two critical issues in the same product three months ago (CVE-2022-31704 and CVE-2022-31706, CVSS scores: 9.8), which could have resulted in remote code execution.

Considering that Cisco and VMware appliances have become attractive targets for threat actors, users are advised to promptly apply the updates to mitigate potential threats.

SDN Comments 0 Comments

Comment

Related News

Porsche files patent for 6-stroke ICE design
Porsche files patent for 6-stroke ICE design
HTC Vive Focus Vision introduced! Here are the price and features
HTC Vive Focus Vision introduced! Here are the price and features
Real images of Nintendo Switch 2 leaked!
Real images of Nintendo Switch 2 leaked!

SDN Network

Sihirli Elma Yeşil Robot Tech Inside Pembe Teknoloji Co-Founder.Work Future Flow Life

SDN.net

1250 BORREGAS AVENUE, #40, SUNNYVALE, CA
94089 ShiftDelete.Net LLC

info@shiftdelete.net

Shiftdelete.Net is a member of the Association of Internet Media and IT Reporters.

Desteklio