VMware has released a security advisory (VMSA-2022-0022) addressing multiple vulnerabilities in VMware vRealize Operations. The vulnerabilities vary from an authentication bypass (CVE-2022-31675), and privilege escalation (CVE-2022-31672) to information disclosure (CVE-2022-31673, CVE-2022-316734). These vulnerabilities have been discovered by Steven Seeley (mr_me) of Qihoo 360 Vulnerability Research Institute. VMware vRealize Operations enable self-driving IT Operations Management … Continue reading “VMware vRealize Operations Multiple Vulnerabilities Patched in the Latest Security update (CVE-2022-31672, CVE-2022-31673, CVE-2022-31674, & CVE-2022-31675)”
Tag: Information Disclosure
Microsoft Patches 55 Vulnerabilities Including One Zero-day and Three Critical in the June 2022 Patch Tuesday
Microsoft released a new set of security patches with the June 2022 Patch Tuesday edition. In this month’s security advisory, Microsoft patched a total of 55 vulnerabilities including the Windows MSDT ‘Follina’ zero-day vulnerability (CVE-2022-30190). Out of these 55 vulnerabilities, three vulnerabilities were classified as Critical as they allow Remote Code Execution (RCE). Microsoft … Continue reading “Microsoft Patches 55 Vulnerabilities Including One Zero-day and Three Critical in the June 2022 Patch Tuesday”
Unpatched Information Disclosure Vulnerability affects Microsoft Windows (zero-day) (CVE-2021-24084)
Security researchers have discovered an unpatched Windows OS security vulnerability that could allow information disclosure and local privilege escalation (LPE). The flaw (CVE-2021-24084) has yet to be officially fixed, making it an important vulnerability. However, an unofficial patch has been released as a workaround. The vulnerability affects the Windows Mobile Device Management component, and it could allow unauthorized access to the filesystem and the reading of arbitrary data. … Continue reading “Unpatched Information Disclosure Vulnerability affects Microsoft Windows (zero-day) (CVE-2021-24084)”
Citrix ADC And Citrix Gateway Multiple Security Vulnerabilities (CTX276688)
Citrix issued a new security advisory CTX276688 on 7th July,2020 addressing multiple security vulnerabilities in Citrix networking products like Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP. Description: Citrix identified several vulnerabilities in products like Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP. Approximately 11 vulnerabilities of type including Code Injection, Privilege Escalation, Authorization Bypass, … Continue reading “Citrix ADC And Citrix Gateway Multiple Security Vulnerabilities (CTX276688)”
VMware Multiple Vulnerabilities (VMSA-2020-0015)
VMware issued a new security advisory on 23rd June,2020. VMSA-2020-0015 Addressed the ten security vulnerabilities in various VMware products. Among these multiple vulnerabilities, a bug, CVE-2020-3962 is a critical vulnerability with a 9.3 CVSSv3 base score. Rest nine flaws are of Important and Moderate severity. Affected VMware Products: VMware ESXi VMware Workstation Pro/Player (Workstation) VMware … Continue reading “VMware Multiple Vulnerabilities (VMSA-2020-0015)”
Cisco Webex Meetings information disclosure vulnerability (CVE-2020-3347)
Summary: A flaw in the shared memory access of Cisco Webex meetings App for Desktop was reported as medium vulnerability as CVE-2020-3347. This was classified as medium by the networking giant Cisco, as only authenticated users can take the leverage of this flaw. Basically, allowed an attacker who already had authenticated access on a system … Continue reading “Cisco Webex Meetings information disclosure vulnerability (CVE-2020-3347)”
Cisco NX-OS IP-in-IP Information Disclosure vulnerability (CVE-2020-10136)
Summary: Multiple products such as Cisco, Digi, HP and such other were reported to be vulnerable to IP-in-IP packet processing vulnerability. CVE-2020-10136 and CWE-19 were assigned to the said vulnerability. Here we’ll share some information about the same for Cisco NX-OS devices. Description: An authentication is primary requirement to access this vulnerability. An unauthenticated attacker … Continue reading “Cisco NX-OS IP-in-IP Information Disclosure vulnerability (CVE-2020-10136)”
Deskpro multiple vulnerabilities information disclosure , privilege escalation to RCE (CVE-2020-11463,CVE-2020-11464,CVE-2020-11465,CVE-2020-11466,CVE-2020-11467)
Summary: In the first week of April, amidst of global lockdown environment, multiple vulnerabilities that includes information disclosure as well as privilege escalation that leads to remote code execution (RCE) were observed in Deskpro. These issues were classified into CWE-200 and CWE-269 that exists in Deskpro prior to 2019.8.0. The /api/email_accounts endpoint failed to properly … Continue reading “Deskpro multiple vulnerabilities information disclosure , privilege escalation to RCE (CVE-2020-11463,CVE-2020-11464,CVE-2020-11465,CVE-2020-11466,CVE-2020-11467)”
VMware vCenter Server Sensitive Information Disclosure Vulnerability
On 9th April 2020,VMware has released an advisory VMSA-2020-0006 to addressed a critical information disclosure vulnerability. CVE-2020-3952 has been assigned. Vulnerability would be exploited by attackers to compromise vCenter Server or other services that use the Directory Service (vmdir) for authentication. vCenter Server provides a centralized platform for controlling VMware vSphere environments, it helps manage … Continue reading “VMware vCenter Server Sensitive Information Disclosure Vulnerability”
FortiOS and FortiClient Man-In-The-Middle Attack privilege escalation vulnerability (CVE-2018-9195)
Summary: FortiOS has been reported with an unquoted service path vulnerability. FortiClient FortiTray of FortiClientConsole executable service path is the vulnerable component that leads to escalated privileges. Description: For Mac and Windows Fortigate products like FortiOS for FortiGate firewalls and the FortiClient endpoint antivirus.,uses a weak encryption cipher (XOR) and hardcoded cryptographic keys to communicate … Continue reading “FortiOS and FortiClient Man-In-The-Middle Attack privilege escalation vulnerability (CVE-2018-9195)”