Cisco and VMware have recently released security updates to address critical security flaws in their products. These vulnerabilities could be exploited by malicious actors to execute arbitrary code on affected systems, highlighting the need for immediate action.
Addressing Cisco’s vulnerabilities
The most severe vulnerability is a command injection flaw in Cisco Industrial Network Director (CVE-2023-20036, CVSS score: 9.9). This flaw is found in the web UI component, stemming from improper input validation when uploading a Device Pack. Cisco stated in an advisory released on April 19, 2023, that successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system of an affected device.
Cisco also resolved a medium-severity file permissions vulnerability in the same product (CVE-2023-20039, CVSS score: 5.5). This flaw could be abused by an authenticated, local attacker to view sensitive information. Patches for both vulnerabilities are available in version 1.11.3.
Another critical flaw, tracked as CVE-2023-20154 (CVSS score: 9.1), was fixed in Cisco’s Modeling Labs network simulation platform. This vulnerability in the external authentication mechanism could allow an unauthenticated, remote attacker to access the web interface with administrative privileges. Cisco released version 2.5.1 to address this issue.
VMware updates for Aria Operations for Logs
In an advisory released on April 20, 2023, VMware warned of a critical deserialization flaw impacting multiple versions of Aria Operations for Logs (CVE-2023-20864, CVSS score: 9.8). An unauthenticated, malicious actor with network access could potentially execute arbitrary code as root. VMware Aria Operations for Logs 8.12 fixes this vulnerability, along with a high-severity command injection flaw (CVE-2023-20865, CVSS score: 7.2), which could allow an attacker with admin privileges to run arbitrary commands as root.
VMware emphasized the importance of addressing CVE-2023-20864, stating that it is a critical issue that should be patched immediately. It is worth noting that only version 8.10.2 is impacted by this vulnerability.
These updates come after VMware addressed two critical issues in the same product three months ago (CVE-2022-31704 and CVE-2022-31706, CVSS scores: 9.8), which could have resulted in remote code execution.
Considering that Cisco and VMware appliances have become attractive targets for threat actors, users are advised to promptly apply the updates to mitigate potential threats.
{{user}} {{datetime}}
{{text}}