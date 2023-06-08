VMware has released updates to fix three vulnerabilities in Aria Operations for Networks that could result in information disclosure and remote execution of (obviously malicious) code, and it wasn’t that long ago since previous security updates.

VMWARE and Cisco, here’s a mess of security updates

The most critical of the three vulnerabilities is a command injection vulnerability tracked as CVE-2023-20887 (CVSS score: 9.8) which could allow a malicious actor with network access to achieve remote code execution.

VMware also fixed another vulnerability of deserialization (CVE-2023-20888) which achieved a score of 9.1 out of a maximum of 10 in the CVSS grading system.

“An attacker with network access on VMware Aria Operations for Networks and valid ‘member’ role credentials may be able to perform a deserialization attack that results in remote code executionthe company said in its notice.

The third security flaw is a high-severity information disclosure bug (CVE-2023-20889CVSS score: 8.8) that could allow an actor with network access to perform a command injection attack and gain access to sensitive data.

The three shortcomings, which they impact on version 6.x of VMware Aria Operations Networks, have been fixed in the following versions: 6.2, 6.3, 6.4, 6.5.1, 6.6, 6.7, 6.8, 6.9 and 6.10. There are no workarounds that mitigate these problems, at least for now.

The alarm comes while Cisco has distributed fixes for a critical flaw in its Expressway and TelePresence Video Communication Server (VCS) series that could “allow an authenticated attacker with admin-level read-only credentials to elevate their privileges to Administrator with read-write credentials on an affected system ”.

The privilege escalation vulnerability (CVE-2023-20105, CVSS score: 9.6), said, results from improper handling of password change requests, thus allowing an attacker to change the passwords of any user on the system, including a administrative user with read-write access, and then impersonate that user.

A second very serious vulnerability in the same product (CVE-2023-20192, CVSS score: 8.4) could allow an authenticated and local attacker to execute commands and change system configuration parameters.

As a workaround for CVE-2023-20192, Cisco recommends that customers disable CLI access for users with read-only access. Both issues were addressed in VCS versions 14.2.1 and 14.3.0, respectively.

While there is no evidence that any of the above vulnerabilities have been abused in the wild, it is strongly recommended that you patch the vulnerabilities as soon as possible to mitigate any potential risks.

Alerts also follow the discovery Of three bugs security in RenderDoc (CVE-2023-33863, CVE-2023-33864 And CVE-2023-33865), an open-source graphical debugger, which could allow an advisor to gain elevated privileges and execute arbitrary code.

If you use CISCO and VMWARE products here’s how to behave

In case you are (difficult, but you never know) a user of VMware Aria Operations for Networks and Cisco Expressway Series and TelePresence Video Communication Server I advise you toi install security updates as soon as possible to mitigate the risk associated with these vulnerabilities.

Furthermore, it is good to constantly check the security warnings issued by the vendors and run regular security scans to identify any new vulnerabilities; remember to use strong credentials (in the sense of no trivial passwords) for each account and to activate two-factor authentication when it is available.

Always remember that updates (both Windows, Linux, etc.) are not “that boring thing that is useless”, as many people think, but are useful for fixing quite a few problems.