VMware Warns of Unpatched Critical Cloud Director Vulnerability

Subject : VMware Warns of Unpatched Critical Cloud Director Vulnerability
Severity : Critical (CVE-2023-34060), CVSSv3.0 Score : 9.8
Date : 2023-11-21


Information

VMware Cloud Director (VCD) is a platform that delivers cloud services and acts as the foundation for cloud management. It enables organizations and cloud service providers to create and manage cloud workspaces, manage IT resources efficiently, and deliver services in a cloud-native manner.

VCD manages the resource pools from which clouds are built, such as virtual machines and the other services an organization or a cloud service provider needs to operate.

With VCD, an organization can control its compute and network resources, and clouds become easier to customize and manage. It also lets cloud service providers present and manage their customers' clouds efficiently, improving flexibility and effectiveness.

Incident

This authentication bypass, reachable over port 22 (SSH) or port 5480 (the appliance management console), can be exploited by attackers for remote code execution with low complexity and without user interaction. It affects only VCD Appliance 10.5 instances that were upgraded from older versions; a freshly installed VCD Appliance 10.5 is not affected.

Recommendation

- On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present.
- Upgrade from VMware Cloud Director Appliance 10.5 to VMware Cloud Director Appliance 10.5.1.


Security systems matter; keep monitoring them as usual.
For more information please contact:
Email : sales@inetms.co.th
065 149 2822 (Ms. Suphatson)
061 404 5895 (Ms. Thanyakan)
063 204 4534 (Ms. Atsamaphorn)
065 929 6330 (Ms. Kansinee)


References

https://www.i-secure.co.th/2023/12/vmware-%e0%b9%81%e0%b8%81%e0%b9%89%e0%b9%84%e0%b8%82%e0%b8%8a%e0%b9%88%e0%b8%ad%e0%b8%87%e0%b9%82%e0%b8%ab%e0%b8%a7%e0%b9%88-auth-bypass-%e0%b8%a3%e0%b8%b0%e0%b8%94%e0%b8%b1%e0%b8%9a-critical/

https://www.bleepingcomputer.com/news/security/vmware-fixes-critical-cloud-director-auth-bypass-unpatched-for-2-weeks/

https://www.vmware.com/security/advisories/VMSA-2023-0026.html

Weekly Interesting CVE

1. CVE-2023-4677
   Published Date : 23/11/2023
   Last Update : 30/11/2023
   Device/Application/OS Target : Pandora FMS version 772 or older
   Attack Type : Bypass, Gain Privilege
   CVSS Severity Rating : 9.8
   Detail : Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of these log files can then be abused to authenticate to the application as an administrator.
   Solution : Upgrade to version 772.1 or later.
   Ref : https://nvd.nist.gov/vuln/detail/CVE-2023-4677

2. CVE-2023-49208
   Published Date : 23/11/2023
   Last Update : 30/11/2023
   Device/Application/OS Target : Glewlwyd SSO server before 2.7.6
   Attack Type : Overflow
   CVSS Severity Rating : 9.8
   Detail : scheme/webauthn.c in Glewlwyd SSO server before 2.7.6 has a possible buffer overflow during FIDO2 credentials validation in webauthn registration.
   Solution : Update to version 2.7.6 or later.
   Ref : https://nvd.nist.gov/vuln/detail/CVE-2023-49208

3. CVE-2023-46575
   Published Date : 24/11/2023
   Last Update : 30/11/2023
   Device/Application/OS Target : Meshery before 0.6.179
   Attack Type : SQL Injection
   CVSS Severity Rating : 9.8
   Detail : A SQL injection vulnerability in Meshery before 0.6.179 allows a remote attacker to obtain sensitive information and execute arbitrary code via the order parameter.
   Solution : Update to the latest version.
   Ref : https://nvd.nist.gov/vuln/detail/CVE-2023-46575

4. CVE-2023-6345
   Published Date : 29/11/2023
   Last Update : 1/12/2023
   Device/Application/OS Target : Skia in Google Chrome prior to 119.0.6045.199
   Attack Type : Overflow
   CVSS Severity Rating : 9.6
   Detail : Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file.
   Solution : Upgrade to version 119.0.6045.199 or later.
   Ref : https://vuldb.com/?id.245938
         https://nvd.nist.gov/vuln/detail/CVE-2023-6345

5. CVE-2023-49079
   Published Date : 29/11/2023
   Last Update : 29/11/2023
   Device/Application/OS Target : Misskey
   Attack Type : Improper Verification of Cryptographic Signature
   CVSS Severity Rating : 9.3
   Detail : Misskey's missing signature validation allows arbitrary users to impersonate any remote user.
   Solution : Update to version 2023.11.1 or later.
   Ref : https://nvd.nist.gov/vuln/detail/CVE-2023-49079

 

Malware News or Campaign IOC/IOA

1. Multiple Malware Families Exploiting Apache ActiveMQ Vulnerability (CVE-2023-46604)
   Detection in Thailand (/1m Divs) : 742
   Detection Date : 05/12/2023
   Attack Type : Downloader, Information-stealer, Remote Access Trojan (RAT), Tool, Vulnerability
   Severity : Medium
   Description : Despite a patch being released for CVE-2023-46604, threat actors continue to exploit the vulnerability. Exploitation has increased the distribution of malware to vulnerable servers, including Sliver, Kinsing, Ddostf, GoTitan, and the .NET program "PrCtrl Rat". The attack begins with a connection to ActiveMQ over the OpenWire protocol on port 61616. By sending a manipulated packet, the attacker makes the broker unmarshal a class under the attacker's control, which causes the vulnerable server to fetch and load a class configuration XML file from a remote URL of the attacker's choosing; the attack therefore depends on that external XML file being staged in advance. Compounding the issue, technical details and proof-of-concept (PoC) code for CVE-2023-46604 are publicly available, which makes exploitation easier for attackers.
   Solution :
     1. Update your antivirus, Windows, and the device you are using to the latest version.
     2. Turn on Multi-Factor Authentication (MFA).
     3. Enable application control: well-defined policies should be used to limit usage of these programs to dedicated user groups.
   Ref : https://www.fortinet.com/blog/threat-research/gotitan-botnet-exploitation-on-apache-activemq
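The campaign description above gives defenders a two-step pattern to hunt for: an inbound OpenWire connection on port 61616 followed shortly by the broker itself fetching an .xml file from an outside host. The following detector is an added example written for this bulletin, not code from the page or from any vendor; the flow-log format, the sample records and the 60-second correlation window are assumptions made for the example.

```python
from datetime import datetime, timedelta

# Constructed sample flow log (not from the page or any real broker); one record
# per line: "timestamp  src_ip  dst_ip  dst_port  detail". The first two lines
# model the chain described above: an inbound OpenWire connection on port 61616,
# then the broker itself fetching an .xml file from the same external host.
SAMPLE_FLOWS = """\
2023-12-05T10:00:01 203.0.113.10  10.0.0.5      61616  openwire-connect
2023-12-05T10:00:03 10.0.0.5      203.0.113.10  8080   GET /config.xml
2023-12-05T10:05:00 10.0.0.7      10.0.0.5      61616  openwire-connect
2023-12-05T10:30:00 10.0.0.5      198.51.100.9  443    GET /updates.json
"""

OPENWIRE_PORT = "61616"
WINDOW = timedelta(seconds=60)  # max gap between the two events (assumed value)


def parse_flows(text):
    """Parse the flow text into dicts; every line carries exactly five fields."""
    rows = []
    for line in text.splitlines():
        ts, src, dst, port, detail = line.split(maxsplit=4)
        rows.append({"ts": datetime.fromisoformat(ts), "src": src,
                     "dst": dst, "port": port, "detail": detail})
    return rows


def find_suspicious_chains(flows, window=WINDOW):
    """Return (broker_ip, client_ip, url) for every host that accepted an
    OpenWire connection and, within `window`, fetched an .xml file itself:
    the load-remote-XML step the CVE-2023-46604 campaign depends on."""
    flows = sorted(flows, key=lambda r: r["ts"])
    alerts = []
    for i, inbound in enumerate(flows):
        if inbound["port"] != OPENWIRE_PORT:
            continue
        broker = inbound["dst"]
        for later in flows[i + 1:]:
            if later["ts"] - inbound["ts"] > window:
                break  # flows are time-ordered, so nothing later can match
            if (later["src"] == broker and later["detail"].startswith("GET ")
                    and later["detail"].lower().endswith(".xml")):
                alerts.append((broker, inbound["src"], later["detail"].split()[1]))
    return alerts


if __name__ == "__main__":
    for broker, client, url in find_suspicious_chains(parse_flows(SAMPLE_FLOWS)):
        print(f"ALERT {broker}: OpenWire client {client}, then fetch of {url}")
```

On the sample records only the first pair is flagged; the second OpenWire connection has no .xml fetch inside the window, and the later JSON download is ignored.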

15 December 2023
