The fix: Updated versions of IOS XE are available now for installation however, updates will not remove added credentials or other backdoors installed on servers. While reported last week, researchers observed hackers altering systems to potentially hide vulnerable servers from detection. The problem: CVE-2023-20198, with a highest-possible CVSS Score of 10.0, and CVE-2023-20273 with a CVSS Score of 7.2, allow for authentication bypass and gain root access to systems. Type of attack: Attackers actively exploit vulnerabilities in internet-facing IOS XE systems to add new privileged users and back doors. Widespread Cisco IOS XE Vulnerability Under Active Attack The fix: Apply the newly available patch immediately. The problem: Unpatched Citrix NetScaler ADC and Gateway appliances allow attackers to retrieve authentication session cookies and other information stored in buffers. Type of attack: Active exploitation of the high-risk Sensitive Information Disclosure vulnerability ( CVE-2023-4966) disclosed on Octoand now known as Citrix Bleed. See the Top Patch and Vulnerability Management tools OctoCitrix NetScaler Vulnerability Under Active Attack It can also be a challenge for security and IT pros even to know everything they own - a vulnerable device may have been forgotten - so asset management is an increasingly important part of vulnerability management. A few of the vulnerabilities this week are particularly critical - so much so that VMware took the unusual step of updating a product that had reached end of life status. Yet with patches available for new vulnerabilities in tools such as VMware vCenter Server and F5 BIG-IP, patching teams need to get moving to avoid being the next victims. The ongoing stress related to pre-existing vulnerabilities continue to haunt customers for Citrix NetScaler, Cisco IOS XE, and Apple. Organizations that don’t patch promptly likely suffer additional stress when the unpatched vulnerabilities are targeted by attackers. Is it better to stress now, or stress more later? Organizations that possess effective patch and vulnerability management suffer stress earlier as vulnerabilities are announced and their teams work hard to eliminate them. We may make money when you click on links to our partners. ESecurity Planet content and product recommendations are editorially independent.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |