Unauthenticated Command Injection vulnerability in SD-WAN Edge (VMware)

VMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution. A malicious actor with local access to the Edge Router UI during activation may be able to perform a command injection attack that could lead to full control of the router. The Uganda National CERT and Coordination Center (CERT.UG/CC) strongly advises all System and Network admins to review and implement the appropriate fix. The details of the updates can be found here.

RELATED ADVISORIES

Advisories 9 May 2024

Vulnerabilities in Cisco ASA and FTD Software

Cisco disclosed three vulnerabilities in its management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software product. The vulnerability allows an attacker to cause a DoS condition by sending a crafted HTTP request to the web server on a targeted device. A successful exploit would result in an unexpected reloading of the device. This vulnerability is due to incomplete error checking when parsing an HTTP header. The Uganda National CERT and Coordination Center (CERT.UG/CC) strongly advises all system and network admins to review and implement the appropriate patches. The details of the updates are:

Microsoft SharePoint Server Remote Code Execution Vulnerability

Advisories 9 May 2024

Android Pixel Privilege Escalation Vulnerability

Advisories 9 May 2024

Cisco Releases Security Updates for IOS XR Software

Advisories 9 April 2024

Forticlient EMS flaw actively exploited in the wild

Advisories 9 April 2024

Joomla Security Update

Advisories 28 February 2024

Microsoft Exchange Server Security Advisory

Advisories 28 February 2024