Cisco Systems has taken steps to enhance the security of its products by releasing a series of updates that fix critical vulnerabilities in its system. These vulnerabilities were identified as being capable of being exploited by attackers, who could then manipulate affected systems to execute arbitrary code. One of the most severe vulnerabilities, CVE-2023-20036, is a command injection flaw found in Cisco Industrial Network Director’s web UI component, which arose due to an incorrect input validation during the uploading of a Device Pack. Furthermore, Cisco resolved a medium-severity vulnerability, CVE-2023-20039, that an attacker with authenticated local access could exploit to view sensitive data in the same product.
Cisco Credits An External Researcher For Reporting The Two Issues
Cisco has credited an external researcher for discovering the two security vulnerabilities in the Cisco Industrial Network Director product. The vulnerabilities, which hackers could exploit to execute arbitrary code on affected systems, were discovered through an external security audit conducted by the unnamed researcher.
The security audit was likely conducted as part of the researcher’s bug bounty program. Bug bounty programs incentivize security researchers to report security vulnerabilities to organizations and are a popular way for companies to proactively identify and address security flaws in their products. Cisco has been running its bug bounty program since 2014 and has paid over $5 million to researchers who have reported security vulnerabilities in its products.
The identity of the researcher who discovered the two vulnerabilities has not been disclosed by Cisco. However, it’s not uncommon for companies to keep the identities of researchers who report vulnerabilities confidential to protect them from retaliation by hackers or other bad actors.
In a statement, Cisco said it “takes security vulnerability reports very seriously and appreciates the coordinated efforts of security researchers and partners working to help ensure the security of our customers’ networks.”
Cisco Fixes Another Critical Flaw In The External Authentication
Cisco’s Modeling Labs network simulation platform has recently been patched with yet another critical flaw fixed in its external authentication mechanism. This vulnerability, identified as CVE-2023-20154 and assigned a CVSS score of 9.1, could allow unauthorized, remote attackers to access the web interface with full administrative privileges.
The flaw was traced back to the Lightweight Directory Access Protocol (LDAP) server used for user authentication. The vulnerability allows attackers to exploit an authentication bypass that would permit them to gain administrative access to the Modeling Labs network simulation platform. This is achieved when the LDAP server is configured to respond to search queries with a non-empty array of matching entries.
Although there are temporary solutions available to mitigate this security issue, Cisco strongly recommends customers test the effectiveness of the remediations in their own environment before deploying them. The company has issued version 2.5.1 to address this vulnerability.
This fix comes shortly after Cisco resolved two other security flaws in its Industrial Network Director product. The second was a medium-severity file permissions flaw (CVE-2023-20039) that could enable an authenticated, local attacker to view sensitive information. Both of these issues were resolved in version 1.11.3 of the product.
VMware Releases Updates To Fix Critical Vulnerabilities
In an advisory on April 20, 2023, VMware alerts of a critical flaw impacting multiple versions of Aria Operations for Logs. The vulnerability tracked as CVE-2023-20864, with a CVSS score of 9.8, could allow an unauthenticated, malicious actor with network access to execute arbitrary code as root.
To address the issue, VMware released Aria Operations for Logs 8.12, which includes a fix for the critical flaw and another high-severity command injection flaw (CVE-2023-20865, CVSS score: 7.2).
VMware’s warning on CVE-2023-20864 comes almost three months after the virtualization services provider brought two critical issues. With VMware appliances being prime targets for threat actors, users are advised to move quickly to apply the updates to mitigate potential threats.
While the company has not disclosed any details about the attackers who may exploit the vulnerabilities in its products, it is widely recognized that the success of these attacks depends on the timely release and application of patches. Therefore, VMware’s prompt response to the latest vulnerabilities should be commended.
It’s worth noting that the security issues affecting VMware Aria Operations for Logs are not unique. Many companies that develop software and hardware face similar issues, and it is the responsibility of these companies to release timely patches to address them.
As part of its commitment to addressing security vulnerabilities, VMware has an established process for receiving and responding to reports of security vulnerabilities. The company encourages security researchers and customers to report any suspected vulnerabilities to the company so that it can investigate and address them promptly.
Users Advised To Apply Updates To Mitigate Potential Threats
Given the critical nature of the vulnerabilities discovered in Cisco and VMware products, it is highly recommended that users apply the latest security updates as soon as possible to safeguard their systems against potential attacks. With cybercriminals continuously seeking out new vulnerabilities to exploit, delaying the installation of patches could lead to devastating consequences.
Hackers often target known vulnerabilities in software products, counting on the fact that not all users will update their systems promptly. When patches are released, they analyze the changes in the software code to identify the security weaknesses that have been addressed. They then target users who have yet to apply the updates, leaving them vulnerable to exploitation.
In light of this, cybersecurity experts recommend that users keep their software updated and that they implement automatic updates whenever possible. This will ensure that security patches are applied as soon as they become available, reducing the risk of a potential breach.
It is also essential to perform regular security audits of IT systems to identify vulnerabilities and take the necessary steps to patch them. This includes ensuring that all software is up-to-date and that employees are trained to recognize and respond appropriately to potential threats.
Moreover, it is important to note that not all threats can be mitigated through patches alone. In addition to applying security updates, users should employ additional security measures such as firewalls, antivirus software, and intrusion detection systems. These can help to detect and prevent attacks before they cause significant harm to the system.
Conclusion
In order to fix serious security weaknesses in their products that might be used by hostile parties to execute arbitrary code on vulnerable computers, Cisco and VMware have released security patches. A command injection hole in Cisco Industrial Network Director (CVE-2023-20036, CVSS score: 9.9), which affects the web UI component and results from insufficient input validation while uploading a Device Pack, is the most serious vulnerability. The manufacturer of networking equipment also fixed a medium-severity file permissions flaw (CVE-2023-20039, CVSS score: 5.5) in the same product that allowed a local, authorized attacker to read sensitive data.
About the Author
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
