Greetings from the VMware Security Response Center! We wanted to address the recently reported ‘ESXiArgs’ ransomware attacks as well as provide some guidance on actions concerned customers should take to protect themselves. VMware has not found evidence that suggests an unknown vulnerability (0-day) is being used to propagate the ransomware used in these recent attacks. … Continued
The post VMware Security Response Center (vSRC) Response to ‘ESXiArgs’ Ransomware
More info:
https://blogs.vmware.com/security/2023/02/83330.html?utm_source=rss&utm_medium=rss&utm_campaign=83330
Introduction
Over the past year, pandemic-related uncertainties, the rise of remote work, and a surge in ransomware attacks have added to security professionals’ challenges. Given the extent of the demands faced by security teams, the need to secure organizational networks in ways that are consistent, comprehensive, and easy to administer is greater than ever. Networks … Continued
The post Performance of VMware NSX Gateway Firewall on 3rd Gen Intel® Xeon® Scalable Processors
More info:
https://blogs.vmware.com/security/2023/02/performance-of-vmware-nsx-gateway-firewall-on-3rd-gen-intel-xeon-scalable-processors.html?utm_source=rss&utm_medium=rss&utm_campaign=performance-of-vmware-nsx-gateway-firewall-on-3rd-gen-intel-xeon-scalable-processors
A vulnerability in the RESTCONF and NETCONF services of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to cause a denial of service (DoS) on an affected system that is running as the root user. To exploit this vulnerability, the attacker must be a member of the admin group. This vulnerability exists because user-supplied input is not properly validated when either RESTCONF or NETCONF is used to upload packages to an affected device. An attacker could
More info:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-path-trvsl-zjBeMkZg?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Network%20Services%20Orchestrator%20Path%20Traversal%20Vulnerability&vs_k=1
A vulnerability in the RESTCONF service of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to cause a denial of service (DoS) on an affected system that is running as the root user. To exploit this vulnerability, the attacker must be a member of the admin group. This vulnerability exists because user-supplied input is not properly validated when RESTCONF is used to upload packages to an affected device. An attacker could exploit this vulnerability by
More info:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-path-trvsl-zjBeMkZg?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Network%20Services%20Orchestrator%20Path%20Traversal%20Vulnerability&vs_k=1
by Michael Hawkins.
Blog search required additional sanitizing to prevent a reflected XSS risk.
Severity/Risk: Serious
Versions affected: 4.1 and 4.0 to 4.0.5
Versions fixed: 4.1.1, 4.0.6
Reported by: Unknown (name not provided)
CVE identifier: CVE-2023-23922
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-76861
Tracker issue: MDL-76861 Reflected XSS risk in blog search
More info:
https://moodle.org/mod/forum/discuss.php?d=443273&parent=1782022
Detect Malware in Container Images
As organizations continue to adopt containers and Kubernetes for their applications, the need to secure these containers becomes increasingly important. Many applications are built with third-party sourced components from public image registries. Attackers are privy to the growing use of these third-party image registries, and often target them with malware, … Continued
The post Malware Detection in Container Images appeared first on VMware Security Blog.
More info:
https://blogs.vmware.com/security/2023/02/malware-detection-in-container-images.html?utm_source=rss&utm_medium=rss&utm_campaign=malware-detection-in-container-images
Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted
More info:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-os-injection-pxhKsDM?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Identity%20Services%20Engine%20Privilege%20Escalation%20Vulnerabilities&vs_k=1
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information, conduct a server-side request forgery (SSRF) attack through an affected device, or negatively impact the responsiveness of the web-based management interface itself. This vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability
More info:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-xxe-inj-GecEHY58?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Identity%20Services%20Engine%20XML%20External%20Entity%20Injection%20Vulnerability&vs_k=1
A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload
More info:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-afu-EXxwA65V?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20RV340,%20RV340W,%20RV345,%20and%20RV345P%20Dual%20WAN%20Gigabit%20VPN%20Routers%20Arbitrary%20File%20Upload%20Vulnerability&vs_k=1
A vulnerability in the web-based management interface of Cisco Prime Infrastructure Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of the web-based management interface on an affected device to click a crafted link. A successful
More info:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-pi-xss-PU6dnfD9?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Prime%20Infrastructure%20Reflected%20Cross-Site%20Scripting%20Vulnerability&vs_k=1