Black Arrow Cyber Advisory 21 April 2023 – VMware and Cisco Update Critical Vulnerabilities

Executive Summary

Cisco and VMware have released security updates to address critical security flaws in their products that could be exploited by malicious actors to execute arbitrary code on affected systems. The affected VMware products are VMware Aria Operations for Logs (formerly vRealize Log Insight) and VMware Cloud Foundation. While the affected Cisco products are Cisco Industrial Network and Modeling Labs network simulation platform.


Cisco                                                                                                                                       

The Cisco vulnerabilities (CVE-2023-20036 and CVE-2023-20154), if exploited, could allow unrestricted access and compromise of the confidentiality, integrity, and availability of data in your organisation. According to Cisco, the following products are affected by the vulnerabilities:

CVE-2023-20036 – A critical vulnerability impacting Cisco Industrial Network Director versions below version: 1.11.3.

CVE-2023-20154 – A critical vulnerability impacting Modeling Labs running version 2.3 through to 2.5, all versions must be patched to the latest fixed release which is 2.5.1

What can I do?

Patches are available for both vulnerabilities. Organisations using a vulnerable version of Cisco Industrial Network and or Modeling Labs are recommended to install the patches in version 1.11.3 and version 2.5.1 respectively.


VMware

The VMware vulnerabilities (CVE-2023-20864 and CVE-2023-2086), if exploited, could allow an attacker to execute code as root, giving them unrestricted access and compromising the confidentiality, integrity, and availability of data in your organisation. According to VMware the following products are affected by the vulnerabilities:

CVE-2023-20864 – A critical vulnerability VMware Aria Operations for Logs versions: 8.10.2 and VMware Cloud Foundation (VMware Aria Operations for Logs) 4.x.

CVE-2023-20865 – This impacts VMware Aria Operations for Logs versions: 8.6.x, 8.8.x, 8.10 and 8.10.2 and VMware Cloud Foundation (VMware Aria Operations for Logs) – 4.X.

What can I do?

Patches are available in version 8.12 for the affected VMware Aria Operations for Logs products and should be applied immediately. For users of VMware Cloud Foundation, a workaround has been released by VMware.


Further information can be found here:

Details on Cisco Industrial Network Director Vulnerabilities can be found here- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-CAeLFk6V

Details on the Modeling Labs External Authentication Bypass Vulnerability can be found here- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cml-auth-bypass-4fUCCeG5

Details on the VMware Aria Operations can be found here- https://www.vmware.com/security/advisories/VMSA-2023-0007.html

Detail on the workaround for VMware Cloud Foundation users can be found here- https://kb.vmware.com/s/article/91865


Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity

Previous
Previous

Black Arrow Cyber Threat Briefing 21 April 2023

Next
Next

Black Arrow Cyber Threat Briefing 14 April 2023