Alert: PoC Exploits Released for Citrix and VMware Vulnerabilities

October 25, 2023 at 02:36AM

Virtualization services provider VMware has alerted customers to a proof-of-concept exploit for a recently patched security flaw in Aria Operations for Logs. The vulnerability, tracked as CVE-2023-34051, allows for authentication bypass and remote code execution. A PoC for the vulnerability has been made available, prompting VMware to revise its advisory. Additionally, Citrix has released an advisory for a critical security vulnerability affecting NetScaler ADC and NetScaler Gateway that is being actively exploited. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.

Meeting Topic: Newsroom | Exploit / Vulnerability
Date: October 25, 2023

Key Points:
– VMware has alerted customers about a proof-of-concept exploit for a recently patched vulnerability in Aria Operations for Logs.
– The vulnerability (CVE-2023-34051) allows authentication bypass and can lead to remote code execution.
– Horizon3.ai and the Randori Attack Team discovered and reported the flaw.
– Horizon3.ai has released a proof-of-concept for the vulnerability, prompting VMware to update its advisory.
– This vulnerability is a patch bypass for a set of critical flaws addressed by VMware in January 2023.
– Citrix has also issued an advisory about a critical security vulnerability (CVE-2023-4966) affecting NetScaler ADC and NetScaler Gateway, which is actively exploited in the wild.
– Citrix Bleed is the name given to the PoC exploit for CVE-2023-4966.
– Assetnote researcher Dylan Pindur attributed the Citrix vulnerability to not fully understanding snprintf.
– The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-4966 to the Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply patches by November 8, 2023.
– SolarWinds has also released updates for three critical remote code execution vulnerabilities in Access Rights Manager (CVE-2023-35182, CVE-2023-35185, and CVE-2023-35187) that allow remote attackers to run code with SYSTEM privileges.
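
On the snprintf point in the Citrix item above, an added example (not from the article, Citrix, or Assetnote). The article does not say which snprintf behaviour was misunderstood; this assumes the commonly misread one, that snprintf returns the length the full output would have had, not the number of bytes actually stored. The format string, buffer size and function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define RESP_BUF_SIZE 64   /* constructed size, for illustration only */

/* Naive pattern: treats snprintf's return value as "bytes now in buf".
 * snprintf returns the length the complete output WOULD have had, so a
 * long caller-supplied value yields a length larger than the buffer. */
static int naive_response_len(char *buf, size_t size, const char *host)
{
    return snprintf(buf, size, "host=%s;", host);
}

/* Hardened pattern: a negative return is an encoding error, and a return
 * >= size means the output was truncated. Reject both, so the length
 * handed to later code can never exceed what buf really holds. */
static int safe_response_len(char *buf, size_t size, const char *host)
{
    int n = snprintf(buf, size, "host=%s;", host);
    if (n < 0 || (size_t)n >= size)
        return -1;
    return n;
}

int main(void)
{
    char buf[RESP_BUF_SIZE];
    char long_host[201];

    /* Constructed oversized input: 200 'a' characters. */
    memset(long_host, 'a', sizeof long_host - 1);
    long_host[sizeof long_host - 1] = '\0';

    int naive = naive_response_len(buf, sizeof buf, long_host);
    printf("buffer size        : %zu\n", sizeof buf);
    printf("bytes really stored: %zu\n", strlen(buf));
    printf("naive length       : %d\n", naive);

    int safe = safe_response_len(buf, sizeof buf, long_host);
    printf("checked length     : %d (rejected)\n", safe);

    safe = safe_response_len(buf, sizeof buf, "example.test");
    printf("checked length     : %d (fits)\n", safe);
    return 0;
}
```

When reviewing C code for this pattern, look for any snprintf return value that flows into a send, write, or copy length without being compared against the buffer size first.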
