F5 has released security updates to address vulnerabilities in curl, openssh and openssl. Exploitation of these vulnerabilities may allow an attacker to cause a denial of service condition.

Users and administrators are encouraged to review F5 Security Advisories K15402727, K11315080, K21350967, K000132946 and K000132941 and apply necessary updates.

Wordfence has released security updates to address vulnerabilities in forminator and folders. Exploitation of these vulnerabilities may allow an attacker to take control of affected system.

Users and administrators are encouraged to review Wordfence Security Advisories forminator and folders and apply necessary updates.

Red Hat has released security updates to address vulnerabilities in openssh, kernel, kubernetes and cups. Exploitation of these vulnerabilities may allow an attacker to take control of affected system.

Users and administrators are encouraged to review Red Hat Security Advisories RHSA-2023:4889, RHSA-2023:4801, RHSA-2023:4885 and RHSA-2023:4864 and apply necessary updates.

Cisco has released security updates to address vulnerabilities in Cisco BroadWorks CommPilot and Cisco Unified CM SME. Exploitation of these vulnerabilities may allow an attacker to gain escalated privilege.

Users and administrators are encouraged to review Cisco Security Advisories cisco-sa-commpilot-xss and cisco-sa-cucm-priv-esc and apply necessary updates.

Advisory No: TZCERT/SA/2023/08/31

Date of First Release: 31^st August 2023

Source: VMWARE

Software Affected:  VMware Aria Operations for Networks

Overview:

VMware has released patches to address critical security vulnerabilities affecting Aria Operations for Networks. These vulnerabilities could allow an attacker to take control of the affected system.

Description:

The authentication bypass and arbitrary file write vulnerabilities tracked by CVE-2023-34039 and CVE-2023-20890 resulted from the lack of unique cryptgraphic key generation and unlimited access allowing privileged users to insidiously write files to any chosen location respectively.

Impact:

Successful exploitation of this vulnerability may allow the attacker to control of the affected system.

Solution:

VMware has released a patch for this vulnerability. Users and administrators are encouraged to apply necessary updates.

References:

1. https://www.vmware.com/security/advisories/VMSA-2023-0018.html
2. https://vulcan.io/blog/how-to-fix-cve-2023-34039-cve-2023-20890-in-aria-operations/