VMware Releases Patches for New Vulnerabilities Affecting Multiple Products

Description:

VMware has issued patches to contain two security flaws impacting Workspace ONE Access, Identity Manager, and vRealize Automation. The flaws can be exploited to backdoor enterprise networks. The first flaw, tracked as CVE-2022-22972, is an authentication bypass vulnerability. It could enable an attacker with network access to the UI to gain administrative access without prior authentication.

The second flaw, tracked as CVE-2022-22973, is a privilege escalation vulnerability. It enables an attacker with local access to elevate privileges to the "root" user on vulnerable virtual appliances.

CVE_IDs: 

  • CVE-2022-22972
  • CVE-2022-22973

Source: 

VMware Releases Patches for New Vulnerabilities Affecting Multiple Products (thehackernews.com)

VMSA-2022-0014 (vmware.com) 

Impact: 

Successful exploitation of the flaws tracked as CVE-2022-22972 and CVE-2022-22973 could allow an attacker to gain administrative access without authentication and root access on the vulnerable machine respectively.

Suggestions and Recommendations: 

VMware has released patches for the flaws. Customers are requested to apply the patches.

Microsoft Mitigates RCE Vulnerability Affecting Azure Synapse and Data Factory

Description:

Microsoft has mitigated a security flaw affecting Azure Synapse and Azure Data Factory that, if successfully exploited, could result in remote code execution.

The vulnerability, tracked as CVE-2022-29972, was specific to the third-party Open Database Connectivity (ODBC) driver used to connect to Amazon Redshift in Azure Synapse pipelines and Azure Data Factory Integration Runtime (IR), and did not impact Azure Synapse as a whole. The vulnerability could allow an attacker to perform remote command execution across IR infrastructure, not limited to a single tenant.

A malicious actor can weaponize the bug to acquire the Azure Data Factory service certificate and access another tenant's Integration Runtimes to gain access to sensitive information, effectively breaking tenant separation protections.

CVE_IDs: 

  • CVE-2022-29972

Source: 

Microsoft Mitigates RCE Vulnerability Affecting Azure Synapse and Data Factory (thehackernews.com)

Impact: 

The vulnerability could have allowed an attacker to perform remote command execution across IR infrastructure.

Suggestions and Recommendations: 

Microsoft has released the patch for the flaw. Users are requested to apply the fixes.

Backdoor baked into premium school management plugin for WordPress


Description:

Security researchers have discovered a backdoor in a premium WordPress plugin designed as a complete management solution for schools. The malicious code enables a threat actor to execute PHP code without authenticating. The plugin named “School Management Pro” allows schools to manage live classes, send email or SMS notifications, keep attendance boards and manage noticeboards, etc.

The backdoor, tracked as CVE-2022-1609 and believed to have existed since version 8.9, enables an unauthenticated attacker to execute arbitrary PHP code on sites with the plugin installed.

Because the backdoor is injected into the license-checking part of the plugin, the free version does not contain the backdoor and is not impacted.

CVE_IDs: 

  • CVE-2022-1609

Source: 

Researchers Find Backdoor in School Management Plugin for WordPress (thehackernews.com)

Impact: 

The backdoor can let attackers access or alter the website’s contents, elevate privileges, and assume complete control of the site.

Suggestions and Recommendations: 

The backdoor has been mitigated, and customers of the plugin are recommended to update to the latest version.

F5 Warns of a New Critical BIG-IP Remote Code Execution Vulnerability


Description:

Cloud security and application delivery network (ADN) provider F5 has released patches to contain 43 bugs discovered in its products. Of the 43 issues addressed, one is rated Critical, 17 are rated High, 24 are rated Medium, and one is rated Low in severity.

The flaw tracked as CVE-2022-1388 may allow an unauthenticated attacker to take control of the affected systems. An unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses can execute arbitrary system commands, create or delete files, or disable services.

CVE_IDs: 

  • CVE-2022-1388

Source: 

F5 Warns of a New Critical BIG-IP Remote Code Execution Vulnerability (thehackernews.com)

Impact: 

Successful exploitation of the flaw could allow an unauthenticated attacker to execute arbitrary system commands, create or delete files, or disable services.

Suggestions and Recommendations: 

The patch has been released with the latest version. Organizations using F5 appliances are requested to apply the patches to prevent threat actors from exploiting the attack vector for initial access.

Poshan Bhandari 22 May, 2022