Black Arrow Cyber Advisory - 23 June 2023 – Cisco Exploit in the Wild and VMware Address Flaws
Executive summary
This week, Cisco and VMware have addressed vulnerabilities in their products. An exploit for a high-severity vulnerability in the Cisco AnyConnect VPN has been released in the wild; this could allow an authenticated attacker to escalate privileges to SYSTEM level with no user interaction. VMware have addressed multiple high-severity flaws in vCenter Server; these vulnerabilities can let an attacker gain code execution and bypass authentication on unpatched systems. Both Cisco and VMware have released patches, details of which can be found below.
Cisco AnyConnect
CVE-2023-20178 – This vulnerability, if exploited, allows an authenticated attacker to execute code with SYSTEM privileges.
The impacted versions include:
Cisco AnyConnect Secure Mobility Client Software for Windows
Cisco Secure Client Software for Windows (version 5.0). For releases earlier than 5.0, this is known as Cisco AnyConnect Secure Mobility Client for Windows.
What can I do?
Since proof-of-concept exploit code is publicly available, it is advised that patches are applied immediately. Patches are available in AnyConnect Secure Mobility Client for Windows 4.10MR7 and Cisco Secure Client for Windows 5.0MR2. No workarounds are available.
VMware vCenter
CVE-2023-20892 and CVE-2023-20893 – These vulnerabilities, if exploited, allow an unauthenticated attacker with network access to gain code execution.
CVE-2023-20895 – This vulnerability, if exploited, allows an attacker to bypass authentication on unpatched vCenter Server appliances.
The impacted versions include:
vCenter Server version 8.0 – patched in version 8.0 U1b
vCenter Server version 7.0 – patched in version 7.0 U3m
Cloud Foundation (vCenter Server) version 5.x – patched in version 8.0 U1b
Cloud Foundation (vCenter Server) version 4.x – patched in version 7.0 U3m
What can I do?
VMware have released patches for the impacted versions; it is advised that patches are applied immediately. There are no workarounds available for these flaws.
Further details on the Cisco vulnerability can be found here: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-csc-privesc-wx4U4Kw
Further details on the VMware vulnerability can be found here: https://www.vmware.com/security/advisories/VMSA-2023-0014.html