Preface: Virtio-net device emulation enables users to create VirtIO-net emulated PCIe devices in the system where the NVIDIA® BlueField® DPU is connected.

Background: The Intelligent Platform Management Interface (IPMI) is a standard interface for hardware management used by system administrators to control the devices and monitor the sensors. For these, it is necessary the IPMI Controller called Baseboard Management Controller (BMC) and a manager software (for example, IPMItool). It provides an interface to manage IPMI functions in a local (in-band) or remote (out-of-band) system.

Ref: Developer can wrote their own tools to query the sensors, via the IPMItool

Vulnerability details: NVIDIA Bluefield 2 and Bluefield 3 DPU BMC contains a vulnerability in ipmitool, where a root user may cause code injection by a network call. A successful exploit of this vulnerability may lead to code execution on the OS.

Official announcement: Please refer to the link for details – https://nvidia.custhelp.com/app/answers/detail/a_id/5511

Preface: The missing function-level access control vulnerability refers to the flaws in the authorization logic. By exploiting it, an attacker, who could be an existing user of the application, is able to escalate privileges and access restricted functionalities.

Background: VMware Aria Automation Orchestrator. (formerly vRealize Orchestrator). VMware Aria is an intelligent multi-cloud management solution that enables you to consistently deploy and operate your apps, infrastructure, and platform services across private, hybrid, and multiple clouds from a single platform with a common data model.

Ref: vRealize Automation includes a preconfigured embedded vRealize Orchestrator instance. You can access the client of the embedded vRealize Orchestrator from the vRealize Automation Cloud Services Console.

Vulnerability details: An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows.

Resolution: To remediate CVE-2023-34063 apply the patches

Official announcement: Please refer to the link for details – https://www.vmware.com/security/advisories/VMSA-2024-0001.html

Preface: In my opinion, this design flaw is dangerous. But no worries, about a month ago. Vendors have issued remediations based on their priorities. CVE technical details were released today (21st Jan 2024).

Background: io_uring is applicable to most businesses and applications with a demand for asynchronous I/O. As of now, io_uring has been integrated into multiple mainstream open-source applications, such as RocksDB, Netty, QEMU, SPDK, PostgreSQL, MariaDB, etc.

What is io_uring? io_uring is an asynchronous I/O interface for the Linux kernel. An io_uring is a pair of ring buffers in shared memory that are used as queues between user space and the kernel:

Submission queue (SQ): A user space process uses the submission queue to send asynchronous I/O requests to the kernel.

Completion queue (CQ): The kernel uses the completion queue to send the results of asynchronous I/O operations back to user space.

Many io_uring features will soon be available in Red Hat Enterprise Linux 9.3, which ships with core version 5.14. Fedora 37 currently provides the latest io_uring functionality.

Vulnerability details: A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector’s deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on.

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2023-6531

Preface: The latest version of SAP Landscape Transformation Replication Server. It combines the latest SAP Landscape Transformation Replication Server functionality with the latest SAP Basis version for the best support of all uses cases involving SAP systems and databases. There are two options for using this version of SAP Landscape Transformation Replication Server (see also chapter Installation Options):

i.As a standalone system based on SAP S/4HANA Foundation 2020 (or higher) together with the DMIS 2020 addon.

ii.Embedded in SAP S/4HANA 2020 (or higher).

Background: (S_DMIS – Authority object for SAP SLO Data migration server)

The user role SAP_IUUC_REPL_ADMIN is required to use SAP Landscape Transformation Replication Server. By default, this role does not allow users to view the data that is replicated from the source system to the target system. However, the authorization object S_DMIS (with activity 29) allows users to view the data that is being replicated (by means of the replication logging function).

SAP strongly recommend that you use the Read Access Logging (RAL) component to monitor and log read access to the relevant data.

Vulnerability Details: SAP LT Replication Server – version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, does not perform necessary authorization checks. This could allow an attacker with high privileges to perform unintended actions, resulting in escalation of privileges, which has High impact on confidentiality, integrity and availability of the system.

Official announcement: Please refer to the link for details – https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Preface: HTTP/2 Rapid Reset, based on stream multiplexing. HTTP/2 Rapid Reset attacks mostly affect the large infrastructure providers. Software smaller providers use, such as NGINX, Apache Server, ….etc

Background: Oracle GraalVM is a high-performance JDK that can speed up the performance of Java and JVM-based applications using an alternative just-in-time (JIT) compiler.

Vulnerability details: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

If you are managing or operating your own HTTP/2-capable server (open source or commercial) you should immediately apply a patch from the relevant vendor when available.

Official announcement: Please refer to the link for details – https://www.oracle.com/security-alerts/cpujan2024.html

The patch for CVE-2023-44487 also addresses CVE-2023-36478, CVE-2023-40167, CVE-2023-42794, CVE-2023-42795, and CVE-2023-45648.

The patch for CVE-2023-44487 also addresses CVE-2023-45143.

The patch for CVE-2023-45648 also addresses CVE-2023-42794, CVE-2023-42795, and CVE-2023-44487.

The patch for CVE-2023-44487 also addresses CVE-2023-36478.

Preface: NetScaler was initially developed in 1997 by Michel K Susai and acquired by Citrix Systems in 2005. What is the difference between NetScaler ADC and NetScaler gateway? NetScaler ADC is an application delivery controller. NetScaler Gateway (formerly Citrix Gateway) is an access gateway with SSL VPN solution, providing single sign-on (SSO) and authentication for remote end users of network assets.

Background: A cross-site scripting (XSS) attack is a type of injection attack in which malicious script is injected into an otherwise benign and trusted website. The risk of XSS comes from the ability to execute arbitrary JS within the current user context.

UDP is common, but it has inherent vulnerabilities that make it prone to attacks, such as limited packet verification, IP spoofing and DoS attacks.

Ref:

#NSIP address – The management IP address for NetScaler Gateway that is used for all management‑related access to the appliance. NetScaler Gateway also uses the NSIP address for authentication

#Subnet IP (SNIP) address – The IP address that represents the user device by communicating with a server on a secondary network

#Cluster management IP (CLIP) address

Vulnerability details:

CVE-2023-6548 is a RCE vulnerability in the NetScaler ADC and Gateway appliances. An authenticated attacker with low level privileges could exploit this vulnerability if they are able to access NetScaler IP (NSIP), Subnet IP (SNIP), or cluster management IP (CLIP) with access to the appliance’s management interface.

CVE-2023-6549 is a denial of service (DoS) vulnerability in the NetScaler ADC and Gateway appliances. An attacker could exploit this vulnerability when a vulnerable appliance has been configured as a Gateway (e.g. VPN, ICA Proxy, CVPN, RDP Proxy) or as a AAA virtual server.

Official announcement: Please refer to the link for details – https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549