Security News > 2023 > April > Cisco and VMware Release Security Updates to Patch Critical Flaws in their Products
Cisco and VMware have released security updates to address critical security flaws in their products that could be exploited by malicious actors to execute arbitrary code on affected systems.
The most severe of the vulnerabilities is a command injection flaw in Cisco Industrial Network Director, which resides in the web UI component and arises as a result of improper input validation when uploading a Device Pack.
While there are workarounds that plug the security hole, Cisco cautions customers to test the effectiveness of such remediations in their own environments before administering them.
VMware Aria Operations for Logs 8.12 fixes this vulnerability along with a high-severity command injection flaw that could allow an attacker with admin privileges to run arbitrary commands as root.
The alert comes almost three months after VMware plugged two critical issues in the same product that could result in remote code execution.
With Cisco and VMware appliances turning out to be lucrative targets for threat actors, it's recommended that users move quickly to apply the updates to mitigate potential threats.
News URL
https://thehackernews.com/2023/04/cisco-and-vmware-release-security.html
Related news
- Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution (source)
- AMD won’t patch Sinkclose security bug on older Zen CPUs (source)
- SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software (source)
- Food security: Accelerating national protections around critical infrastructure (source)
- You probably want to patch this critical GitHub Enterprise Server bug now (source)
- GitHub Patches Critical Security Flaw in Enterprise Server Granting Admin Privileges (source)
- SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access (source)
- Fortra Issues Patch for High-Risk FileCatalyst Workflow Security Vulnerability (source)
- Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote Attacks (source)
- Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues (source)