Virtualization vendor VMware has alerted customers to the existence of a proof-of-concept (PoC) exploit for a security flaw recently fixed in Aria Operations for Logs.
Not much time has passed since the previous VMware and Citrix vulnerabilities, but attackers, unfortunately, are always lurking.
What the Citrix and VMware vulnerabilities are and what they consist of
Tracked as CVE-2023-34051 (CVSS score: 8.1), this high-severity vulnerability is an authentication bypass that could lead to remote code execution.
“An unauthenticated attacker can insert files into the operating system of an affected piece of equipment, which may lead to remote code execution [malicious]”, VMware said in an advisory on October 19, 2023.
James Horseman of Horizon3.ai and the Randori Attack Team were credited for discovering and reporting the flaw.
Horizon3.ai has since made a PoC for this vulnerability available, which led VMware to revise its advisory this week.
It is important to note that CVE-2023-34051 is a patch bypass for a set of serious issues that VMware had addressed in early January and, earlier still, in December 2022, and which could expose users to remote code execution attacks.
“It would not be very difficult for an attacker to find this patch bypass”, said Horseman of Horizon3.ai. “This attack highlights the importance of layered defense; a defender cannot always trust that an official patch will completely mitigate a vulnerability.” This is a bit like the idea behind Windows Defender: good as far as it goes, but a little help from Malwarebytes doesn't hurt.
The disclosure comes as Citrix released its own advisory urging customers to apply fixes for CVE-2023-4966 (CVSS score: 9.4), a critical security vulnerability affecting NetScaler ADC and NetScaler Gateway that has been the subject of active real-world attacks.
“We now have reports of incidents consistent with session hijacking and we have received credible reports of targeted attacks exploiting this vulnerability”, the company said this week, confirming a report from Google-owned Mandiant.
Exploitation attempts are likely to increase in the coming days, since a proof-of-concept exploit is now available for the vulnerability, which has been nicknamed Citrix Bleed.
“In this case we saw an interesting example of a vulnerability caused by not fully understanding snprintf”, said Assetnote researcher Dylan Pindur, adding: “Even though snprintf is recommended as the safe version of sprintf, it is still important to be careful. A buffer overflow was avoided by using snprintf, but the subsequent buffer over-read was still a problem.”
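What that warning means in practice, as an added example that is not code from the page, from Citrix, or from Assetnote, and not NetScaler's actual implementation: snprintf never writes more than the size it is given, but it returns the length the full formatted string would have had. Code that treats that return value as "bytes now in the buffer" and copies or sends that many bytes reads past the buffer. The buffer size, the "Host:" format string and the planted session token below are all constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/*
 * Constructed illustration of the snprintf pitfall: no overflow on write,
 * but an over-read on the way out. To keep the over-read deterministic (and
 * not undefined behaviour), the 32-byte destination is the head of one larger
 * char array, and a fake session token is planted right after it to stand in
 * for whatever sits next to the real buffer in memory.
 */
#define BUF_SIZE       32
#define ARENA_SIZE     96
#define PLANTED_SECRET "SESSIONID=0123456789abcdef"   /* constructed */

typedef struct { char mem[ARENA_SIZE]; } arena_t;

static void arena_init(arena_t *a) {
    memset(a->mem, 0, sizeof a->mem);
    memcpy(a->mem + BUF_SIZE, PLANTED_SECRET, strlen(PLANTED_SECRET));
}

/* Vulnerable pattern: trusts the snprintf return value as a byte count. */
static size_t format_vulnerable(arena_t *a, const char *hostname,
                                char *out, size_t out_cap) {
    int len = snprintf(a->mem, BUF_SIZE, "Host: %s\r\n", hostname);
    if (len < 0) return 0;
    size_t n = (size_t)len;            /* BUG: may exceed BUF_SIZE */
    if (n > out_cap) n = out_cap;
    memcpy(out, a->mem, n);            /* copies bytes past the 32-byte buffer */
    return n;
}

/* Hardened pattern: a return value >= size means the output was truncated;
 * clamp the count to what was actually written and report the truncation
 * instead of silently serving a partial line plus neighbouring memory. */
static size_t format_fixed(arena_t *a, const char *hostname,
                           char *out, size_t out_cap, int *truncated) {
    int len = snprintf(a->mem, BUF_SIZE, "Host: %s\r\n", hostname);
    if (truncated) *truncated = 0;
    if (len < 0) return 0;
    size_t n = (size_t)len;
    if (n >= BUF_SIZE) {               /* snprintf truncated the output */
        if (truncated) *truncated = 1;
        n = BUF_SIZE - 1;              /* bytes actually written, minus the NUL */
    }
    if (n > out_cap) n = out_cap;
    memcpy(out, a->mem, n);
    return n;
}

/* Drives both paths with a hostname of hostname_len 'A's (must be < 64). */
static void make_hostname(char *host, size_t hostname_len) {
    memset(host, 'A', hostname_len);
    host[hostname_len] = '\0';
}

/* Bytes beyond the 32-byte buffer that the vulnerable path hands out. */
int vulnerable_leak_len(size_t hostname_len) {
    arena_t a; char host[64]; char out[ARENA_SIZE];
    arena_init(&a);
    make_hostname(host, hostname_len);
    size_t n = format_vulnerable(&a, host, out, sizeof out);
    return n > BUF_SIZE ? (int)(n - BUF_SIZE) : 0;
}

/* 1 if the planted secret appears in the vulnerable path's output. */
int vulnerable_leaks_secret(size_t hostname_len) {
    arena_t a; char host[64]; char out[ARENA_SIZE];
    arena_init(&a);
    make_hostname(host, hostname_len);
    size_t n = format_vulnerable(&a, host, out, sizeof out);
    size_t slen = strlen(PLANTED_SECRET);
    return n >= BUF_SIZE + slen && memcmp(out + BUF_SIZE, PLANTED_SECRET, slen) == 0;
}

/* Length the hardened path returns; truncated may be NULL. */
int fixed_out_len(size_t hostname_len, int *truncated) {
    arena_t a; char host[64]; char out[ARENA_SIZE];
    arena_init(&a);
    make_hostname(host, hostname_len);
    return (int)format_fixed(&a, host, out, sizeof out, truncated);
}

/* Truncation flag of the hardened path on its own. */
int fixed_truncated(size_t hostname_len) {
    int t = 0;
    fixed_out_len(hostname_len, &t);
    return t;
}

int main(void) {
    int leak = vulnerable_leak_len(60), secret = vulnerable_leaks_secret(60);
    int n = fixed_out_len(60, NULL), t = fixed_truncated(60);
    printf("vulnerable: hostname=60 -> %d bytes past the buffer, secret leaked=%d\n", leak, secret);
    printf("fixed:      hostname=60 -> %d bytes, truncated=%d\n", n, t);
    return 0;
}
```

A hostname of 60 characters produces a 68-byte formatted string; the vulnerable path returns all 68 bytes, 36 of them from beyond the buffer, including the planted token, while the hardened path returns the 31 bytes that were actually written and flags the truncation so the caller can reject the request instead of answering with it.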
Active exploitation of CVE-2023-4966 prompted the US Cybersecurity and Infrastructure Security Agency (CISA) to add it to its Known Exploited Vulnerabilities (KEV) catalog, requiring US federal agencies to apply the latest patches by November 8, 2023.
The latest developments also follow the release of updates for three critical remote code execution vulnerabilities in SolarWinds Access Rights Manager (CVE-2023-35182, CVE-2023-35185 and CVE-2023-35187, CVSS scores: 9.8) that remote attackers could exploit to execute code with SYSTEM privileges.
A few words about virtualization
Besides Citrix and VMware, the most widely used product is certainly Oracle's VirtualBox. Beyond that, it is curious how many people entrust their security to a virtual machine when browsing in risky environments, reasoning that "it doesn't look like my device anyway"; unfortunately, that is true only to a very limited extent.
It is true that a virtual machine makes it harder to be identified, but it is equally true that the virtual machine is always physically present on the hard disk, with all the consequences that entails. It therefore cannot be ruled out a priori that you have downloaded (even accidentally) a file containing malicious code, given that, as just seen, not even virtualization products are immune to security flaws.