Month: abril 2023

A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain More info: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv01x_rv32x_rce-nzAGWWDD?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Small%20Business%20RV016,%20RV042,%20RV042G,%20RV082,%20RV320,%20and%20RV325%20Routers%20Remote%20Command%20Execution%20Vulnerability&vs_k=1

A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system. This vulnerability is due to insufficient sanitization of user-provided data that is parsed into system memory. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying More info: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-stealthsmc-rce-sfNBPjcS?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Secure%20Network%20Analytics%20Remote%20Code%20Execution%20Vulnerability&vs_k=1

A vulnerability in Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code as a root user on an affected device. This vulnerability is due to insufficient validation of user input to the web interface. An attacker could exploit this vulnerability by uploading a crafted file to an affected device. A successful exploit could allow the attacker to execute code on the affected device. To exploit this vulnerability, an attacker would need to have valid More info: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-stealth-rce-BDwXFK9C?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Secure%20Network%20Analytics%20Remote%20Code%20Execution%20Vulnerability&vs_k=1

A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. This vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by entering crafted text into various input fields within the web-based management interface. A successful exploit could allow the attacker to perform a stored XSS More info: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-xss-GO9L9xxr?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Unified%20Contact%20Center%20Express%20Stored%20Cross-Site%20Scripting%20Vulnerability&vs_k=1

Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco Expressway Series refers to the Expressway Control (Expressway-C) device and the Expressway Edge (Expressway-E) device. For more information about these vulnerabilities, see the Details section of this More info: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-overwrite-3buqW8LH?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Expressway%20Series%20and%20Cisco%20TelePresence%20Video%20Communication%20Server%20Vulnerabilities&vs_k=1

Multiple vulnerabilities in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow an unauthenticated, remote attacker to bypass a configured rule, thereby allowing traffic onto a network that should have been blocked. These vulnerabilities exist because malformed, encoded traffic is not properly detected. An attacker could exploit these vulnerabilities by connecting through an affected device to a malicious More info: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-bypass-bwBfugek?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Secure%20Web%20Appliance%20Content%20Encoding%20Filter%20Bypass%20Vulnerabilities&vs_k=1

This is a developing situation and this blog post will be updated as needed. Reports of malicious code associated with the 3CX desktop application – part of the 3CX VoIP (Voice over Internet Protocol) platform – began on March 22, 2023. On March 30, 2023, 3CX confirmed the compromise, noting the affected 3CX desktop app … ContinuedThe post Investigating 3CX Desktop Application Attacks: What You Need to Know appeared first on VMware Security Blog. More info: https://blogs.vmware.com/security/2023/03/investigating-3cx-desktop-application-attacks-what-you-need-to-know.html?utm_source=rss&utm_medium=rss&utm_campaign=investigating-3cx-desktop-application-attacks-what-you-need-to-know

This post is relevant to administrators that have enabled the embedded Harbor version in vSphere 7.0 or 8.0 as explained in Enable the Embedded Harbor Registry on the Supervisor Cluster. Harbor-helm issue Harbor when installed with harbor-helm will use a default key pair if no key pair is specified in core.secretName in values.yaml. This default … ContinuedThe post Embedded vSphere Harbor default enablement results in an insecure configuration appeared first on VMware Security Blog. More info: https://blogs.vmware.com/security/2023/03/embedded-vsphere-harbor-default-enablement-results-in-an-insecure-configuration.html?utm_source=rss&utm_medium=rss&utm_campaign=embedded-vsphere-harbor-default-enablement-results-in-an-insecure-configuration