Welcome back to this week’s Exposures Exposed!
If you’re following along, you know that here at XM Cyber, we’re on a quest to bring you all the latest in cyber exposure news. The ever-changing cyber ecosystem means that new exposures and vulnerabilities are always emerging and our research team actively tracks them to understand their potential impact and relevance to our users.
Here’s this week’s round-up of the ones you need to know about!
MinIO Storage System Vulnerabilities Exploited by Attackers
Earlier this week, security firm Security Joe disclosed that two recent vulnerabilities in the MinIO are currently being exploited in an attack called Evil MinIO. The exploit can execute code, access private information and enable servers to be taken over. An open source object storage service, MinIO can “store unstructured data, logs, backups, and container images of up to 50TB in size.” according to Bleeping Computer.
The two vulnerabilities are being tracked as CVE-2023-28432 and CVE-2023-28434, and impact all versions before RELEASE.2023-03-20T20-16-18Z. When chained together, the exploit allows attackers to replace the intended software with code that adds a backdoor. According to the Incident Response team at Security Joe, “The culmination of these actions permits the attacker to orchestrate a deceptive update…By replacing the authentic MinIO binary with its ‘evil’ counterpart, the attacker seals the compromise of the system.”
Hackers Bypass VMware Tool’s SAML Authentication with MiTM Attack
VMware has disclosed that a SAML token signature bypass vulnerability is being exploited to perform VMware Guest operations. The CVE, which was first discovered by researchers at GitHub, is being tracked as CVE-2023-20900 with a high severity rating. The vulnerability enables attackers to launch man in the middle attacks and exploit weaknesses to perform unauthorized actions.
The exploit affects VMware Tools for Windows: Versions 12.x.x, 11.x.x, and 10.3.x, for Linux: Version 10.3.x and for Linux (open-vm-tools): Versions 12.x.x, 11.x.x, and 10.3.x. VMware has already released an advisory and patches for remediation.
Zip Swift and Flutter Library Flaws Allow attackers to gain unauthorized access
In recent weeks, multiple vulnerabilities have been disclosed in popular ZIP libraries of Swift and Flutter, both of which are commonly used in app development. These CVEs which are being tracked as CVE-2023-39135 , CVE-2023-39138, CVE-2023-39137, CVE-2023-39139 and CVE-2023-39136 range in severity level from 6.5 to 9.8. These exploits enable a wide range of malicious activity including: zip file name spoofing, ZIP symlink path traversal, and denial of service.
Security firm Ostorlab has documented PoCs for all of these exploits. It’s a fascinating read, covering the exploits and the inherent dangers of using libraries.
Dell Alienware Command Center Has High-Severity Vulnerability
Users of Dell Alienware Command Center prior to 188.8.131.52 are being urged to update their systems to version 184.108.40.206 or later as a critical exploit, which is being tracked as CVE-2023-28072, was disclosed by the vendor earlier this week. According to Dell’s advisory, “Dell Technologies highly recommends applying this important update as soon as possible. The update contains critical bug fixes and changes to improve functionality, reliability, and stability of your Dell system. It may also include security fixes and other feature enhancements,”.
This exploit is still so new that little is known about it and its capabilities but thankfully, the remediation is simple enough.
That’s it for this week, folks! Do you have any exposures or vulnerabilities to add to our list? Share them with us!