Black Arrow Cyber Advisory 08 June 2023 – Barracuda, Cisco, and VMware Address Critical Security Flaws
Executive summary
This week, Barracuda, Cisco, and VMware have all addressed vulnerabilities in their products. The vulnerabilities allow an attacker to elevate privileges to the highest available level and to execute code remotely. Both Cisco and VMware have released patches, whilst Barracuda have urged users to immediately replace appliances impacted by the vulnerability.
Barracuda
CVE-2023-2868: This is a remote code injection vulnerability which has been exploited for at least seven months, allowing a successful attacker to steal information from Barracuda Email Security Gateway (ESG) devices.
Impacted versions include:
ESG devices on versions 5.1.3.001 through 9.2.0.006
What can I do?
Barracuda have stated that regardless of the patch version level, customers must immediately replace impacted ESG appliances. If you are unsure, Black Arrow recommend checking with your MSP.
Cisco
CVE-2023-20178: This vulnerability, if exploited, can allow an attacker to execute code with SYSTEM privileges, the highest available.
Impacted versions include:
Cisco AnyConnect Secure Mobility Client Software for Windows (version 4.10 and earlier)
Cisco Secure Client Software for Windows (version 5.0). For releases earlier than 5.0, this is known as Cisco AnyConnect Secure Mobility Client for Windows.
CVE-2023-20105: A vulnerability which allows an administrator with read-only access to elevate their privileges and gain the ability to write to files.
CVE-2023-20192: A vulnerability which allows an authenticated local user to execute commands and modify configuration files. For this to be successful, command line interface (CLI) access must have been granted to a read-only administrator of the system on the vulnerable version.
Impacted versions include:
Cisco Expressway Series and Cisco TelePresence VCS version 14.0 and earlier.
What can I do?
Patches are available in AnyConnect Secure Mobility Client for Windows 4.10MR7 and Cisco Secure Client for Windows 5.0MR2, and should be applied. No workarounds are available.
For Cisco Expressway Series and Cisco TelePresence VCS version 14.0 and earlier, the first fixed releases are 14.2.1 for CVE-2023-20105 and 14.3.0 for CVE-2023-20192. As a mitigation for CVE-2023-20192, Cisco have recommended ensuring that CLI access is disabled for read-only users; this should be disabled by default.
VMware
CVE-2023-20887: A command injection vulnerability, allowing an attacker to execute code remotely.
CVE-2023-20888: An authentication deserialization vulnerability, allowing remote code execution.
CVE-2023-20889: An information disclosure vulnerability, where an attacker with network access can inject commands to disclose information.
Impacted versions include:
VMware Aria Operations for Networks version 6.x.
What can I do?
VMware have recommended applying patches available for versions: 6.2 / 6.3 / 6.4 / 6.5.1 / 6.6 / 6.7 / 6.8 / 6.9 / 6.10.
Further details on the Barracuda ESG vulnerabilities can be found here: https://www.barracuda.com/company/legal/esg-vulnerability
Further details on the Cisco vulnerability can be found here: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-csc-privesc-wx4U4Kw
Further details on the VMware vulnerabilities can be found here: https://www.vmware.com/security/advisories/VMSA-2023-0012.html
Further details of the patches available for VMware can be found here: https://kb.vmware.com/s/article/92684