PoC Exploits Released for VMWare and Citrix Critical Vulnerabilities

VMware (CVE-2023-34051)

A recent advisory from virtualization services provider VMware has highlighted the discovery of a proof-of-concept (PoC) exploit for a previously patched security flaw in Aria Operations for Logs. Tracked as CVE-2023-34051, the vulnerability’s high-severity nature could potentially lead to remote code execution, posing a serious threat to system security. Security experts have emphasized the importance of a multi-layered defense strategy in light of the vulnerability’s patch bypass capability.

The vulnerabilities were classified into two main categories, as follows:

Authentication Bypass Vulnerability (CVE-2023-34051)

VMware Aria Operations for Logs was found to contain an authentication bypass vulnerability, which has been evaluated to be within the Important Severity Range by VMware. With a maximum CVSSv3 base score of 8.1, the vulnerability poses significant risks to the system’s security. Unauthenticated actors can potentially inject files into the operating system of an impacted appliance, enabling the execution of remote code, thus compromising the integrity of the system.

Deserialization Vulnerability (CVE-2023-34052)

Furthermore, a deserialization vulnerability was discovered in VMware Aria Operations for Logs. Classified with the same severity rating as the authentication bypass vulnerability, this issue can be triggered by a malicious actor with non-administrative access to the local system. By initiating the deserialization of data, an attacker could potentially bypass authentication measures, posing a serious threat to the security of the system.

Citrix (CVE-2023-4966)

Meanwhile, Citrix has released an urgent advisory urging customers to promptly apply fixes for CVE-2023-4966, a critical security vulnerability affecting NetScaler ADC and NetScaler Gateway. According to the advisory, the vulnerability impacts several versions, including NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50, NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.15, and NetScaler ADC and NetScaler Gateway 13.0 before 13.0-92.19, among others. Despite the release of patches on October 10, 2023, Citrix has revised its advisory, warning that unmitigated appliances are currently being exploited. Furthermore, reports from the Google-owned Mandiant indicate that zero-day exploitation of the vulnerability has been observed since late August 2023, adding another layer of urgency to the situation.

Reports of active exploitation in the wild, along with the availability of the Citrix Bleed exploit, have compelled the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to include it in the Known Exploited Vulnerabilities (KEV) catalog. Federal agencies in the United States have been instructed to implement the latest patches by November 8, 2023, underlining the severity of the threat.

CISA has also included the CVE-2021-1435 Cisco IOS XE Web UI Command Injection Vulnerability in its registry. Such vulnerabilities often serve as common targets for malicious cyber actors, posing substantial threats to the federal enterprise. For more information on recently added vulnerabilities, simply click the arrow in the “Date Added to Catalog” column to sort the entries by descending dates.

While the identity of the threat actors remains unknown, the campaign is reported to have targeted professional services, technology, and government organizations, amplifying the need for swift action.

Our Latest Update

News and Insights

× Whatsapp Us!