- VMware Releases Security Updates for Carbon Black App Control
- Cisco Releases Security Advisories for Multiple Products
- CISA Urges Increased Vigilance One Year After Russia’s Invasion of Ukraine
_______________________________
VMware Releases Security Updates for Carbon Black App Control
Situation:
VMware has released security updates to address a vulnerability in Carbon Black App Control.
Problem:
Carbon Black App Control has multiple vulnerabilities that allow a malicious actor to use specially crafted input to bypass XML parsing restrictions, leading to access to sensitive information or possible escalation of privileges. In addition, a malicious actor with such privileged access to the App Control administration console may be able to use specially crafted input to gain access to the underlying server operating system, or exploit this vulnerability to delete arbitrary files from the file system of the victim’s machine on which Workstation is installed. Moreover, an unauthenticated, malicious actor with administrative privileges can inject files into the operating system of an impacted appliance, which can result in remote code execution and root access to the underlying operating system.
Implication:
A remote attacker could exploit this vulnerability to take control of an affected system.
Need:
We encourage users and administrators to review VMware Security Advisory VMSA-2023-0004 and apply the necessary updates.
Additional Resources:
VMware Security Advisories:
https://www.vmware.com/security/advisories.html
Advisory ID: VMSA-2023-0003:
https://www.vmware.com/security/advisories/VMSA-2023-0003.html
Advisory ID: VMSA-2023-0002:
https://www.vmware.com/security/advisories/VMSA-2023-0002.html
Advisory ID: VMSA-2023-0001.1:
https://www.vmware.com/security/advisories/VMSA-2023-0001.html
Advisory ID: VMSA-2022-0034:
https://www.vmware.com/security/advisories/VMSA-2022-0034.html
________________________________
Cisco Releases Security Advisories for Multiple Products
Situation:
Cisco has released security advisories for vulnerabilities affecting multiple Cisco products.
Problem:
Multiple Cisco products have vulnerabilities that could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.
Implication:
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Need:
We encourage users and administrators to review the following advisories and apply the necessary updates.
- Cisco Application Policy Infrastructure Controller and Cisco Cloud Network Controller Cross-Site Request Forgery Vulnerability cisco-sa-capic-csrfv-DMx6KSwV
- Cisco Nexus 9000 Series Fabric Switches in ACI Mode Link Layer Discovery Protocol Memory Leak Denial of Service Vulnerability cisco-sa-aci-lldp-dos-ySCNZOpX
- For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page.
Additional Resources:
Cisco Application Policy Infrastructure Controller and Cisco Cloud Network Controller Cross-Site Request Forgery Vulnerability:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-csrfv-DMx6KSwV
________________________________
CISA Urges Increased Vigilance One Year After Russia’s Invasion of Ukraine
Situation:
The United States and European nations may experience disruptive and defacement attacks against websites in an attempt to sow chaos and societal discord on February 24, 2023, the anniversary of Russia’s 2022 invasion of Ukraine.
Problem:
Companies may experience disruptive and defacement DDoS attacks.
Implication:
DDoS attacks may exhaust the target system’s resources, which in turn renders the target unreachable or inaccessible, denying legitimate users access to the service.
Need:
Our recommendations:
- Increasing organizational vigilance
- Implementing cybersecurity best practices
- Increasing resilience and preparing for rapid response
- Lowering the threshold for threat and information sharing
Additional Resources:
CISA Urges Increased Vigilance One Year After Russia’s Invasion of Ukraine:
https://www.cisa.gov/news-events/alerts/2023/02/23/cisa-urges-increased-vigilance-one-year-after-russias-invasion-ukraine
Joint CISA FBI MS-ISAC Guide on Responding to DDoS Attacks and DDoS Guidance for Federal Agencies:
https://www.cisa.gov/news-events/alerts/2022/10/28/joint-cisa-fbi-ms-isac-guide-responding-ddos-attacks-and-ddos-guidance-federal-agencies
Understanding and Responding to Distributed Denial-of-Service Attacks:
https://www.cisa.gov/sites/default/files/publications/understanding-and-responding-to-ddos-attacks_508c.pdf
Capacity Enhancement Guide: Additional DDoS Guidance for Federal Agencies:
https://www.cisa.gov/sites/default/files/publications/ceg-additional-ddos-guidance-for-federal-agencies_508c.pdf