Virtualization services provider VMware has alerted customers to the existence of a proof-of-concept (PoC) exploit for a recently patched security flaw in Aria Operations for Logs.
Tracked as CVE-2023-34051 (CVSS score: 8.1), the high-severity vulnerability relates to a case of authentication bypass that could lead to remote code execution.
“An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution,” VMware noted in an advisory on October 19, 2023.
James Horseman from Horizon3.ai and the Randori Attack Team have been credited with discovering and reporting the flaw.
Horizon3.ai has since made available a PoC for the vulnerability, prompting VMware to revise its advisory this week.
It is worth noting that CVE-2023-34051 is a patch bypass for a set of critical flaws that were addressed by VMware earlier this January and that could expose users to remote code execution attacks.
“This patch bypass wouldn’t be very difficult for an attacker to find,” Horseman said. “This attack highlights the importance of defense in depth. A defender can’t always trust that an official patch fully mitigates a vulnerability.”
The disclosure comes as Citrix released an advisory of its own, urging customers to apply fixes for CVE-2023-4966 (CVSS score: 9.4), a critical security vulnerability affecting NetScaler ADC and NetScaler Gateway that has come under active exploitation in the wild.
“We now have reports of incidents consistent with session hijacking, and have received credible reports of targeted attacks exploiting this vulnerability,” the company said this week, corroborating a report from Google-owned Mandiant.
The exploitation efforts are also likely to ramp up in the coming days given the availability of a PoC exploit, dubbed Citrix Bleed.
“Here we saw an interesting example of a vulnerability caused by not fully understanding snprintf,” Assetnote researcher Dylan Pindur said.
“Even though snprintf is recommended as the secure version of sprintf it is still important to be careful. A buffer overflow was prevented by using snprintf but the subsequent buffer over-read was still an issue.”
The active exploitation of CVE-2023-4966 has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add it to the Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies in the U.S. to apply the latest patches by November 8, 2023.
The latest developments also follow the release of updates for three critical remote code execution vulnerabilities in SolarWinds Access Rights Manager (CVE-2023-35182, CVE-2023-35185, and CVE-2023-35187, CVSS scores: 9.8) that remote attackers could use to run code with SYSTEM privileges.