Tanzania Computer Emergency Response Team

Cisco SD-WAN vManage Unauthenticated REST API Access Vulnerability (CVE-2023-20214)

13th March 2024

Advisory No: TZCERT/SA/2024/03/13-01 Date of First Release: 14th July 2023 Previous Advisory Number: TZCERT/SA/2023/07/14-03 Source: Cisco Software Affected: Cisco SD-WAN vManage software Overview: Cisco has released security patches to address a critical vulnerability affecting Cisco SD-WAN vManage software. The vulnerability could allow an attacker to attain unauthenticated access to REST …

TZCERT-SU-24-0264 (Ubuntu Security Update)

12th March 2024

Ubuntu has released security updates to address vulnerabilities in Linux kernel, libxml2 and accountsservice. Exploitation of these vulnerabilities may allow an attacker to take control of affected system. Users and administrators are encouraged to review Ubuntu Security Advisories USN-6681-2, USN-6688-1, USN-6658-2 and USN-6687-1 and apply necessary updates.

TZCERT-SU-24-0263 (Dell Security Update)

12th March 2024

Dell has released security updates to address vulnerabilities in Dell NetWorker vProxy and Dell NetWorker (NRE). Exploitation of these vulnerabilities may allow an attacker to take control of affected system. Users and administrators are encouraged to review Dell Security Advisories dsa-2024-091 and dsa-2023-126 and apply necessary updates.

TZCERT-SU-24-0262 (NetApp Security Update)

12th March 2024

NetApp has released security updates to address vulnerabilities in ISC Bind, libexpat, curl and Apache Commons. Exploitation of these vulnerabilities may allow an attacker to cause a denial of service condition. Users and administrators are encouraged to review NetApp Security Advisories ntap-20240307-0007, ntap-20240307-0005, ntap-20240307-0004 and ntap-20240307-0010 and apply necessary updates.

TZCERT-SU-24-0261 (Chrome Security Update)

12th March 2024

Oracle has released security updates to address vulnerabilities in ChromeOS. Exploitation of these vulnerabilities may allow an attacker to take control of affected system. Users and administrators are encouraged to review Chrome Security Advisories update-for-chromeos and update-for-chromeos-1 and apply necessary updates.

Tanzania Computer Emergency Response Team

CAPACITY BUILDING: THREAT DETECTION AND INCIDENT HANDLING AND RESPONSE TRAINING

CAPACITY BUILDING: THREAT DETECTION TRAINING

Cybersecurity is a key for Development – Tanzania Ranks 2nd in Africa

Download: Advice to Parent/Guardians in Protecting Children Online

Current Activities

Cisco SD-WAN vManage Unauthenticated REST API Access Vulnerability (CVE-2023-20214)

TZCERT-SU-24-0264 (Ubuntu Security Update)

TZCERT-SU-24-0263 (Dell Security Update)

TZCERT-SU-24-0262 (NetApp Security Update)

TZCERT-SU-24-0261 (Chrome Security Update)

Subscribe to Receive Regular Updates

Multiple critical vulnerabilities affecting WordPress (CVE-2024-3604, CVE-2024-6314, CVE-2024-6313, CVE-2024-6365)

Critical Vulnerabilities in multiple IBM vulnerabilities (CVE-2024-1597, CVE-2022-46337)

Arbitrary code execution vulnerability on IBM Instana Observability (CVE-2023-39410)

High severity vulnerabilities affecting WordPress (CVE-2024-5943, CVE-2024-2385, CVE-2024-6319, CVE-2024-6318)

High severity vulnerabilities in HPE ProLiant and HPE Edgeline Servers Using BIOS (PixieFail) (CVE-2023-45229, CVE-2023-45230, CVE-2023-45234, CVE-2023-45235, CVE-2021-38575)