Black Arrow Cyber Advisory - 23 June 2023 – Cisco Exploit in the Wild and VMware Address Flaws

Executive summary

This week, Cisco and VMware have addressed vulnerabilities in their products. An exploit for a high-severity vulnerability in the Cisco AnyConnect VPN has been released in the wild; this could allow an authenticated attacker to escalate privileges to SYSTEM level with no user interaction. VMware have addressed multiple high-severity flaws in vCenter Server; these vulnerabilities can let an attacker gain code execution and bypass authentication on unpatched systems. Both Cisco and VMware have released patches, and details can be found below.


Cisco AnyConnect

CVE-2023-20178 – This vulnerability, if exploited, allows an authenticated attacker to execute code with SYSTEM privileges.

The impacted versions include:

  • Cisco AnyConnect Secure Mobility Client Software for Windows

  • Cisco Secure Client Software for Windows (version 5.0). For releases earlier than 5.0, this is known as Cisco AnyConnect Secure Mobility Client for Windows.

What can I do?

Since proof-of-concept exploit code is publicly available, it is advised that patches are applied immediately. Patches are available in AnyConnect Secure Mobility Client for Windows 4.10MR7 and Cisco Secure Client for Windows 5.0MR2. No workarounds are available.


VMware vCenter

CVE-2023-20892 and CVE-2023-20893 – These vulnerabilities, if exploited, allow an unauthenticated attacker with network access to gain code execution.

CVE-2023-20895 – This vulnerability, if exploited, allows an attacker to bypass authentication on unpatched vCenter Server appliances.

The impacted versions include:

  • vCenter Server version 8.0 – patched in version 8.0 U1b

  • vCenter Server version 7.0 – patched in version 7.0 U3m

  • Cloud Foundation (vCenter Server) version 5.x – patched in version 8.0 U1b

  • Cloud Foundation (vCenter Server) version 4.x – patched in version 7.0 U3m

What can I do?

VMware have released patches for the impacted versions, and it is advised that these are applied immediately. There are no workarounds available for these flaws.


Further details on the Cisco vulnerability can be found here: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-csc-privesc-wx4U4Kw

Further details on the VMware vulnerability can be found here: https://www.vmware.com/security/advisories/VMSA-2023-0014.html
