Alerts

Cisco Security Update

Cisco has released security updates to address vulnerabilities in multiple products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and administrators are encouraged to review Cisco Security Advisories cisco-sa-sudo-privesc and cisco-sa-n9kaci-unauth-access and apply necessary updates.

Ubuntu Security Update

Ubuntu has released security updates to address vulnerabilities in the Linux kernel, Python and LibTIFF. Exploitation of these vulnerabilities may allow an attacker to take control of affected systems.

Users and administrators are encouraged to review Ubuntu Security Advisories and apply necessary updates.

Red Hat Security Update

Red Hat has released security updates to address vulnerabilities in Ansible Engine and OpenShift Container Platform. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition.

Users and administrators are encouraged to review Red Hat Security Advisories RHSA-2021:0100 and RHSA-2021:0664 and apply necessary updates.

VMware Remote Code Execution Vulnerability – CVE-2021-21972, CVE-2021-21973 and CVE-2021-21974

Advisory No: TZCERT/SA/2021/02/25

Date of First Release: 25th February 2021

Source: VMware

Software Affected: 

  • VMware vCenter Server version 6.5, 6.7 and 7.0
  • VMware ESXi version 6.5, 6.7 and 7.0
  • VMware Cloud Foundation (vCenter Server) version 3.x and 4.x
  • VMware Cloud Foundation (ESXi) version 3.x and 4.x

Overview:

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin that could allow an unauthenticated, remote attacker to execute arbitrary code.

Description:

The vulnerability allows unauthorized clients to execute arbitrary commands and send requests on behalf of the targeted server through unauthorized file upload, leading to remote code execution and unauthorized server-side request forgery (SSRF).

Impact:

Successful exploitation of the vulnerability could allow an unprivileged user to gain access to the system.

Solution:

VMware has issued both a workaround and a security update to address the affected products. Users and administrators are advised to apply the necessary updates or perform the published workarounds as a temporary solution when necessary.

References:

  1. https://www.vmware.com/security/advisories/VMSA-2021-0002.html

Mozilla Security Update

Mozilla has released security updates to address vulnerabilities in Thunderbird 78.8, Firefox 86 and Firefox ESR 78.8. Exploitation of these vulnerabilities could allow an attacker to take control of an affected system.

Users and administrators are encouraged to review the released Mozilla security advisory and apply necessary updates.