Security News > 2023 > April > Cisco and VMware Release Security Updates to Patch Critical Flaws in their Products
Cisco and VMware have released security updates to address critical security flaws in their products that could be exploited by malicious actors to execute arbitrary code on affected systems.
The most severe of the vulnerabilities is a command injection flaw in Cisco Industrial Network Director, which resides in the web UI component and arises as a result of improper input validation when uploading a Device Pack.
While there are workarounds that plug the security hole, Cisco cautions customers to test the effectiveness of such remediations in their own environments before administering them.
VMware Aria Operations for Logs 8.12 fixes this vulnerability along with a high-severity command injection flaw that could allow an attacker with admin privileges to run arbitrary commands as root.
The alert comes almost three months after VMware plugged two critical issues in the same product that could result in remote code execution.
With Cisco and VMware appliances turning out to be lucrative targets for threat actors, it's recommended that users move quickly to apply the updates to mitigate potential threats.
News URL
https://thehackernews.com/2023/04/cisco-and-vmware-release-security.html
Related news
- Enhancing security through proactive patch management (source)
- Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199) (source)
- Exploit available for new critical TeamCity auth bypass bug, patch now (source)
- VMware Issues Security Patches for ESXi, Workstation, and Fusion Flaws (source)
- VMware fixes critical sandbox escape flaws in ESXi, Workstation, and Fusion (source)
- VMware patches critical flaws in ESXi, Workstation, Fusion and Cloud Foundation (source)
- Cisco Issues Patch for High-Severity VPN Hijacking Bug in Secure Client (source)
- March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V (source)
- Critical Security Flaw Found in Popular LayerSlider WordPress Plugin (source)
- Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs (source)