Preface: An attacker with normal access to a virtual machine may exploit this issue by placing a malicious file renamed as `openssl[.]cnf’ in an unrestricted directory which would allow code to be executed with elevated privileges,” VMware said.

Background:

VMware App Volumes provides a system to deliver applications to desktops through virtual disks. Installing App Volumes involves installing the App Volumes Manager, App Volumes agents, and related components.
The installers for VMware Tools for Windows is built into VMware Workstation as ISO image files. The new features of VMware Tools for Windows (11.2.6) including OpenSSL version has been updated to 1.1.1k.
VMware Remote Console Open-source components have been updated, including jansson 2.10, libjpeg-turbo 2.0.5, libgksu 2.0.13, openssl 1.1.1h, pcre 8.44, sqlite 3.23.3, and rsvg 2.40.21.

Vulnerability details: VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1) , VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege escalation vulnerability.

One of the possibilities: The vmware-vdiskmanager (command line utility) work with libeay32.dll[.] OpenSSL default of “[/]usr[/]local[/]ssl” is used in linux, but in windows it translates to c:[\]usr[\]local[\]ssl.

If a low privilege user creates the directory structure c:[\]usr[\]local[\]ssl[\], copies an openssl.cnf file and malicious .dll library inside it will result is arbitrary code execution when the command line (vmware-vdiskmanger) is executed. Furthermore, VDDK working with some of DLLs (ssleay32.dll, libeay32.dll, diskLibPlugin.dll) because VDDK needs to maintain state information and callback functions. Therefore, the privileges escalation vulnerability will be occurred.

Official announcement (CVE-2021-21999) – https://www.vmware.com/security/advisories/VMSA-2021-0013.html

Ref: There is another vulnerability on other products. VMware Carbon Black App Control update address authentication bypass (CVE-2021-21998) – https://www.vmware.com/security/advisories/VMSA-2021-0012.html

Preface: REST API has similar vulnerabilities as a web application. The possibilities will be from various threats, such as Man-in-the-Middle attacks, lack of XML encryptions, insecure endpoints, API URL parameters, ..etc.

Technical background: Cortex XSOAR is the Security Orchestration, Automation and Response (SOAR) solution from Palo AltoNetworks. Cortex XSOAR (formerly Demisto) is able to configuration with active API Key integrations. In Cortex XSOAR Server, you can add Integration.

1. Go to Cortex XSOAR, then to Settings -> Integrations, search for iLert integration and click on the Add instance button.

2. On the modal window, name the instance, paste the iLert API Key that that you generated in iLert and click on the Save & exit button.

Vulnerability details: The vulnerability exists due to an error in the REST API. A remote attacker can bypass authentication process and gain unauthorized access to the application.

Note: This vulnerability affects only to Cortex XSOAR configurations with active API key integrations.

Ref: Perhaps it can exploit IDOR vulnerability. For instance – The attacker simply modifies the ‘acct’ parameter in their browser to send whatever account number they want. If the application does not perform user verification, the attacker can access any user’s account or other methods.

Official announcements and remedies – https://security.paloaltonetworks.com/CVE-2021-3044

Preface: OPC UA Stack is not only vulnerable but also has a range of significant fundamental problems.

Background: The UA SDK is a C++ library that supports you in writing portable C++ OPC UA Servers and Clients. The UA SDK actually consists of two SDKs, a Server SDK and a Client SDK. Both use the same UA Base Library which does all the C++ encapsulation of the raw ANSI C types
that are defined in the OPC UA Communication Stack by the OPC Foundation.

Vulnerability details: OPC UA C++ SDK is vulnerable to a denial of service, caused by improper restriction of operations within
the bounds of a memory buffer. A remote attacker could exploit this vulnerability to cause the system to crash.

In the OPC UA Stack. OPC Foundation developers provide libraries that are essentially a set of exported functions based on a specification, similar to an API.
In this vulnerability, the exported library functions don’t properly validate received extension objects, which may allow an attacker to crash the software by sending a variety of specially crafted packets to access several unexpected memory locations.

Remedy: Click here to download the latest software package from the Softing website. https://industrial.softing.com/products/opc-ua-and-opc-classic-sdks.html

ICS Advisory (ICSA-21-168-02) – https://us-cert.cisa.gov/ics/advisories/icsa-21-168-02

Preface: The new Edge and Chrome are very similar, as both are built on the same Chromium platform. Meanwhile, Microsoft Edge is based on the Chromium open-source project. Furthermore, when chrome has vulnerability occurs, perhaps Microsoft browser (edge) will be get involves.

Background: WebGL enables web content to use an API based on OpenGL ES 2.0 to perform 2D and 3D rendering in an HTML canvas
in browsers that support it without the use of plug-ins.

Vulnerability details: Just days after having issued patches for (14) Google Chrome vulnerabilities, zero day found again. The issue is that cyber criminals can exploit the flaw (Use after free) in WebGL. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation.

Ref 1: Vulnerability found on 15th June, 2021 – Type confusion in V8 in Google Chrome before 91.0.4472.101 allowed a remote malicious user to potentially exploit heap corruption via a crafted HTML page. The CVE-2021-30551 insect is noted by Google as kind complication in V8,
implying that JavaScript safety can be bypassed for running unapproved code. Google’s V8 open-source JavaScript and WebAssembly engine.

Ref 2: Enable WebGL – In your Chrome URL bar, go to chrome://flags
Ensure that WebGL is enabled, and not disabled (You’ll need to relaunch Chrome for any changes to take effect)

Announcement by Microsoft – https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30554

Announcement by Google – https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html

Preface: The proof of concept for this vulnerability has been announced. As usual, vendors use their patch release cycle. Therefore, an announcement was issued today (June 8, 2021).

Background: SAP NetWeaver is a software stack for many of SAP SE’s applications. It can be used for custom development and integration with other applications and systems, and is built primarily using the ABAP programming language, but also uses C, C++, and Java.

Vulnerability details: [CVE-2021-27610] Improper Authentication in SAP NetWeaver ABAP Server and ABAP Platform Product – SAP NetWeaver AS ABAP and ABAP Platform Versions – 700,701,702,731,740,750,751,752,753,754,755,804.
An ABAP server could not 100% correctly identify, if communication via RFC (TCP 3300-3399) or HTTP (8000) is between the application servers of the same SAP system or with servers outside the same system.

For official details, please refer to the URL – https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999

Preface: Nouveau is a free and open source graphics card driver. It is written for Nvidia’s graphics card and can also be used in the NVIDIA Tegra series of system chips. This driver is written by a group of independent software engineers. Nvidia sometimes will be assistance.

Background: What is DRM subsystem? The Direct Rendering Manager (DRM) is a subsystem of the Linux kernel responsible for interfacing with GPUs of modern video cards. DRM exposes an API that user-space programs can use to send commands and data to the GPU and perform operations such as configuring the mode setting of the display.

Vulnerability details:

There is a flaw reported in the Linux kernel in versions before 5.9 in drivers[/]gpu[/]drm[/]nouveau[/]nouveau_sgdma[.]c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. For example, if this is a virtual system environment. Fundamentally, nouveau is a free and open source graphics card driver. It is written for Nvidia’s graphics card and can also be used in the NVIDIA Tegra series of system chips.The potential impact of this vulnerability depends on the attack in where to take place.

Workaround: Kernel with CONFIG_SLAB_FREELIST_HARDENED=y option enabled should not be affected with this flaw.

Remedy: This was fixed for Fedora with the 5.7.16 stable kernel updates.