Subject : VMware Warns of Unpatched Critical Cloud Director Vulnerability
Severity : Critical (CVE-2023-34060) CVSSv3.0 Score : 9.8
Date : 2023-11-21
Information
VMware Cloud Director (VCD) is a platform designed to provide cloud services and act as the foundation for cloud management. It enables organizations and cloud service providers to create and manage workspaces in the cloud, efficiently manage IT resources, and deliver services in a cloud-native manner.
VCD assists in managing resource pools used to create clouds, such as virtual machines, and other necessary services for organizational operations or even for cloud service providers.
Utilizing VCD allows organizations to handle compute and network resources. Management through VCD makes it easier to customize and manage clouds. Additionally, it helps cloud service providers efficiently present and manage their customers' clouds, enhancing flexibility and effectiveness.
Incident
An authentication bypass reachable over port 22 (SSH) or port 5480 (the appliance management console) can be exploited by attackers for remote code execution with minimal complexity and without requiring user interaction. It affects only VCD Appliance 10.5 instances that were upgraded from an older version; newly installed VCD Appliance 10.5 deployments are not affected.
Recommendation
− On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present.
− Upgrade from VMware Cloud Director Appliance 10.5 to VMware Cloud Director Appliance 10.5.1.
Security systems remain the important thing. We must stay concerned and keep monitoring them as usual.
For more information, please contact:
Email: sales@inetms.co.th
065 149 2822 (Ms.Suphatson )
061 404 5895 (Ms.Thanyakan)
063 204 4534 (Ms.Atsamaphorn)
065 929 6330 (Ms.Kansinee)
References
− https://www.vmware.com/security/advisories/VMSA-2023-0026.html
Weekly Interesting CVE

| No. | CVE Name | Published Date | Last Update | Device/Application/OS Target | Attack Type | CVSS | Detail | Solution | Ref |
|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2023-4677 | 23/11/2023 | 30/11/2023 | Pandora FMS version 772 or older | Bypass, Gain Privilege | 9.8 | Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of these log files can then be abused to authenticate to the application as an administrator. | Upgrade to version 772.1 or later | |
| 2 | CVE-2023-49208 | 23/11/2023 | 30/11/2023 | Glewlwyd SSO server before 2.7.6 | Overflow | 9.8 | scheme/webauthn.c in Glewlwyd SSO server before 2.7.6 has a possible buffer overflow during FIDO2 credentials validation in webauthn registration. | Update to version 2.7.6 or later | |
| 3 | CVE-2023-46575 | 24/11/2023 | 30/11/2023 | Meshery before 0.6.179 | SQL Injection | 9.8 | A SQL injection vulnerability in Meshery before 0.6.179 allows a remote attacker to obtain sensitive information and execute arbitrary code via the order parameter. | Update to the latest version | |
| 4 | CVE-2023-6345 | 29/11/2023 | 1/12/2023 | Skia in Google Chrome prior to 119.0.6045.199 | Overflow | 9.6 | Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. | Upgrade to version 119.0.6045.199 or later | |
| 5 | CVE-2023-49079 | 29/11/2023 | 29/11/2023 | Misskey | Improper Verification of Cryptographic Signature | 9.3 | Misskey's missing signature validation allows arbitrary users to impersonate any remote user. | Update to version 2023.11.1 or later | |
Malware News or Campaign IOC/IOA

| No | Campaign Name | Detection in Thailand | Detection Date | Attack Type | Severity | Description | Solution |
|---|---|---|---|---|---|---|---|
| 1 | Multiple Malware Families Exploiting Apache ActiveMQ Vulnerability (CVE-2023-46604) | 742 | 05/12/2023 | Downloader, Information-stealer, Remote Access Trojan (RAT), Tool, Vulnerability | Medium | Despite a patch being released for CVE-2023-46604, threat actors continue to exploit the vulnerability. Malware distribution on vulnerable servers, including Sliver, Kinsing, Ddostf, GoTitan, and the .NET program "PrCtrl Rat," has increased due to this exploitation. The attack involves establishing a connection to ActiveMQ via the OpenWire protocol on port 61616. By sending a manipulated packet, the attacker triggers the system to unmarshal a class under their control, leading the vulnerable server to fetch and load a class configuration XML file from a specified remote URL. The presence of a predefined external XML file is crucial for this process. Compounding the issue, technical details and proof-of-concept (PoC) code for CVE-2023-46604 are publicly available, facilitating easier exploitation by attackers. | 1. Update your antivirus, Windows, and the device you are using to the latest version. |

Ref. 1. https://www.fortinet.com/blog/threat-research/gotitan-botnet-exploitation-on-apache-activemq
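The exploitation chain described above (an inbound OpenWire connection on port 61616 followed by the broker fetching a class configuration XML file from a remote URL) can be correlated in connection and egress logs. The following detector is an added example written for this bulletin, not code from VMware, Fortinet or the ActiveMQ project; the log format and the sample lines are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log lines (not from the bulletin). Fields are key=value pairs after
# an ISO-8601 timestamp; "conn_in" is an inbound TCP connection to the broker host,
# "http_out" is an outbound HTTP request made by that host.
SAMPLE_LOGS = [
    "2023-12-05T10:00:01Z host=mq01 event=conn_in src=203.0.113.7 dport=61616",
    "2023-12-05T10:00:03Z host=mq01 event=http_out url=http://203.0.113.7/classes.xml",
    "2023-12-05T10:05:00Z host=mq02 event=conn_in src=198.51.100.9 dport=61616",
    "2023-12-05T10:20:00Z host=mq02 event=http_out url=http://198.51.100.9/config.xml",
    "2023-12-05T11:00:00Z host=mq03 event=http_out url=http://198.51.100.4/index.html",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse(line):
    """Parse one constructed log line into a dict of its key=value fields plus a datetime."""
    fields = dict(KV_RE.findall(line))
    ts = line.split(" ", 1)[0]
    fields["ts"] = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return fields


def find_suspect_chains(lines, window=timedelta(minutes=5)):
    """Return (host, client_ip, url) for every OpenWire (61616) connection that is followed,
    on the same host and within `window`, by an outbound fetch of a remote .xml file.
    This mirrors the CVE-2023-46604 chain: unmarshal a controlled class, then load
    a class configuration XML from the attacker-chosen URL."""
    events = [parse(line) for line in lines]
    hits = []
    for conn in events:
        if conn.get("event") != "conn_in" or conn.get("dport") != "61616":
            continue
        for fetch in events:
            if (fetch.get("event") == "http_out"
                    and fetch.get("host") == conn.get("host")
                    and conn["ts"] <= fetch["ts"] <= conn["ts"] + window
                    and fetch.get("url", "").lower().endswith(".xml")):
                hits.append((conn["host"], conn["src"], fetch["url"]))
    return hits


if __name__ == "__main__":
    for host, src, url in find_suspect_chains(SAMPLE_LOGS):
        print(f"ALERT possible CVE-2023-46604 exploitation on {host}: {src} -> {url}")
```

With the sample lines only mq01 is flagged: mq02's XML fetch falls outside the five-minute window and mq03 never received an OpenWire connection.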
15 December 2023