Cisco and VMware Release Security Updates to Patch Critical Flaws in their Products
![Cisco and VMware Release Security Updates to Patch Critical Flaws in their Products](/static/build/img/news/cisco-and-vmware-release-security-updates-to-patch-critical-flaws-in-their-products-medium.jpg)
Cisco and VMware have released security updates to address critical security flaws in their products that could be exploited by malicious actors to execute arbitrary code on affected systems.
The most severe of the vulnerabilities is a command injection flaw in Cisco Industrial Network Director, which resides in the web UI component and arises as a result of improper input validation when uploading a Device Pack.
While there are workarounds that plug the security hole, Cisco cautions customers to test the effectiveness of such remediations in their own environments before administering them.
VMware Aria Operations for Logs 8.12 fixes this vulnerability along with a high-severity command injection flaw that could allow an attacker with admin privileges to run arbitrary commands as root.
The alert comes almost three months after VMware plugged two critical issues in the same product that could result in remote code execution.
With Cisco and VMware appliances turning out to be lucrative targets for threat actors, it's recommended that users move quickly to apply the updates to mitigate potential threats.
News URL
https://thehackernews.com/2023/04/cisco-and-vmware-release-security.html