Alerts

Cisco Security Update

Cisco has released security updates to address vulnerabilities in Cisco Unified CM, Cisco Secure Web Appliance and Cisco BroadWorks CommPilot Application. Exploitation of these vulnerabilities may allow an attacker to gain access to sensitive information.

Users and administrators are encouraged to review Cisco Security Advisories cisco-sa-ucm, cisco-sa-wsa and cisco-sa-commpilot and apply necessary updates.

WordPress Security Update

Wordfence has released security updates to address vulnerabilities in woocommerce, simple share follow button and simple ticker. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review Wordfence Security Advisories woocommerce, simple-share-follow-button and simple-ticker and apply necessary updates.

Multiple vulnerabilities in Citrix ADC and Citrix Gateway (CVE-2023-3519, CVE-2023-3466, CVE-2023-3467)

Advisory No: TZCERT/SA/2023/08/02

Date of First Release: 2nd August 2023

Source: Citrix

Software Affected: Citrix ADC and Citrix Gateway

Overview:

Citrix has released security patches to address critical vulnerabilities affecting the NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). These vulnerabilities could allow an attacker to execute arbitrary code.

Description:

Multiple vulnerabilities have been discovered in Citrix ADC and Citrix Gateway which may be exploited to allow an attacker to execute arbitrary code on an affected system.

CVE-2023-3519 is a remote code execution (RCE) vulnerability that affects older installations of NetScaler ADC as well as NetScaler Gateway, which is an access gateway that provides VPN and single sign-on (SSO) capabilities for remote end users of network assets.

CVE-2023-3467 is a privilege escalation vulnerability that requires attackers to have unauthenticated access to the NSIP or subnet IP (SNIP) with management interface access, and allows for potential privilege elevation to root administrator access.

Impact:

Successful exploitation of these vulnerabilities may allow an attacker to take control of the affected system.

Solution:

Citrix has released patches for these vulnerabilities. Users and administrators are encouraged to apply necessary updates.

References:

  1. https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467
  2. https://attackerkb.com/topics/si09VNJhHh/cve-2023-3519/rapid7-analysis?referrer=notificationEmail
  3. https://unit42.paloaltonetworks.com/threat-brief-citrix-cve-2023-3519/

Veritas Security Update

Veritas has released security updates to address a vulnerability in Veritas NetBackup Snapshot Manager. Exploitation of this vulnerability may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review Veritas Security Advisory VTS23-011 and apply necessary updates.