Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 6, 2023
Severity High Analysis Summary Stealc is a new malware that was first marketed by an actor named Plymouth on the XSS and BHF Russian-speaking underground forums […]September 6, 2023
Severity High Analysis Summary CVE-2023-40743 Apache Axis could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation by the […]September 6, 2023
Severity High Analysis Summary CVE-2023-4763 CVSS:8.8 Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Networks. […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 6, 2023
Severity High Analysis Summary Stealc is a new malware that was first marketed by an actor named Plymouth on the XSS and BHF Russian-speaking underground forums […]September 6, 2023
Severity High Analysis Summary CVE-2023-40743 Apache Axis could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation by the […]September 6, 2023
Severity High Analysis Summary CVE-2023-4763 CVSS:8.8 Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in Networks. […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Alert – BlueNoroff APT Group – Active IOCs
June 21, 2023
Rewterz Threat Alert – Alert on BlackCat Ransomware – Active IOCs
June 21, 2023
Severity
High
Analysis Summary
VMware has issued a warning stating that a critical command injection vulnerability in Aria Operations for Networks, formerly known as vRealize Network Insight, is actively being exploited in the wild. The vulnerability, identified as CVE-2023-20887, enables a malicious actor with network access to execute remote code by performing a command injection attack.
This security flaw affects VMware Aria Operations Networks versions 6.x, and the company has released fixes for it in versions 6.2, 6.3, 6.4, 6.5.1, 6.6, 6.7, 6.8, 6.9, and 6.10, which were made available on June 7, 2023.
According to an update shared by VMware on June 20, the vulnerability has been weaponized and is actively being exploited in real-world attacks. However, the exact details of these attacks are currently unknown.
VMware confirmed the exploitation of CVE-2023-20887, and data from threat intelligence firm GreyNoise revealed ongoing exploitation originating from two different IP addresses located in the Netherlands.
The disclosure of this vulnerability comes after a researcher named Sina Kheirkhah, from the Summoning Team, identified and reported the flaw. Kheirkhah has also released a proof-of-concept (PoC) demonstrating the exploitation of the vulnerability. The PoC highlights that the vulnerability consists of a chain of two issues that can be leveraged by unauthenticated attackers to achieve remote code execution (RCE).
The rapid exploitation of newly disclosed vulnerabilities by both state-sponsored actors and financially motivated groups continues to pose a significant threat to organizations worldwide. This recent disclosure follows a report from Mandiant that uncovered active exploitation of another VMware vulnerability (CVE-2023-20867) by a suspected Chinese actor named UNC3886, who utilized it to backdoor Windows and Linux hosts.
Impact
- Command Execution
- Remote Code Execution
Remediation
- Update Aria Operations for Networks to the latest version provided by VMware, which includes the necessary security patches and fixes for the command injection vulnerability.
- Implement robust network monitoring and intrusion detection systems to detect and respond to any malicious activity targeting the vulnerability.
- Restrict network access to the vulnerable system by employing network segmentation, firewalls, and access controls to limit exposure and potential exploitation.
- Educate users and system administrators about the existence and impact of the vulnerability, emphasizing the importance of promptly applying updates and following secure coding practices.
- Conduct regular security assessments, including vulnerability scans and penetration testing, to identify and address any potential security weaknesses in the infrastructure.
- Establish incident response procedures and ensure that the appropriate teams are trained and prepared to handle any potential security incidents or breaches related to the vulnerability.
- Engage with the vendor and security community to stay informed about any further developments or recommendations regarding the vulnerability and its remediation.