Last updated at Tue, 27 Feb 2024 17:18:04 GMT

Rapid7 is highlighting two critical vulnerabilities in outdated versions of widely deployed software this week. Atlassian disclosed CVE-2023-22527, a template injection vulnerability in Confluence Server with a maxed-out CVSS score of 10, while VMware pushed a fresh update to its October 2023 vCenter Server advisory on CVE-2023-34048 to note that the vulnerability has now been exploited in the wild. As of January 21, CVE-2023-22527 is also being exploited in the wild.

VMware and Atlassian technologies are mainstays in many corporate environments, and they have historically been targeted by a wide range of adversaries, including in large-scale ransomware campaigns. Rapid7 urges customers to ensure that they are using supported, fixed versions of vCenter Server and Confluence Server in their environments, and that, wherever possible, they are adhering to a high-urgency patching schedule for these products.

VMware vCenter Server CVE-2023-34048

CVE-2023-34048 is a critical out-of-bounds write vulnerability that affects VMware vCenter Server and VMware Cloud Foundation. The vulnerability arises from an out-of-bounds write flaw in vCenter's implementation of DCERPC, which, if exploited successfully, could lead to remote code execution. It was originally disclosed in October 2023 alongside fixed versions, including for several end-of-life products. Earlier this week, VMware updated their advisory to note that exploitation of CVE-2023-34048 has been observed in the wild. Fixed versions of vCenter Server that remediate CVE-2023-34048 have been available since October 2023.

Per VMware's advisory, all versions of vCenter Server are vulnerable to CVE-2023-34048 except the following fixed versions (or later):

Customers should update on an emergency basis if they have not done so before now. Patches are also available for the following end-of-life versions of vCenter Server: 6.7U3, 6.5U3, VCF 3.x. VMware has information on applying individual product updates to Cloud Foundation environments here.

For more information, see VMware's original advisory and FAQ. A list of vCenter Server versions and builds is available here.

Atlassian Confluence Server and Data Center CVE-2023-22527

CVE-2023-22527 is a critical template injection vulnerability in Atlassian Confluence that allows for unauthenticated remote code execution when exploited successfully in vulnerable target environments. As of January 22, multiple sources are reporting exploitation of this vulnerability. Rapid7 Labs has also observed attempted exploitation in both honeypot and production environments.

Affected versions from Atlassian's advisory:

  • 8.0.x
  • 8.1.x
  • 8.2.x
  • 8.3.x
  • 8.4.x
  • 8.5.0-8.5.3

The latest supported versions of Confluence Server (as of January 16, 2024) are not affected. Fixed versions for Confluence Server are 8.5.4 and 8.5.5, both of which are long-term support releases. For Confluence Data Center, fixed versions are 8.6.0, 8.7.1, and 8.7.2, all of which apply to Confluence Data Center only.

We strongly recommend that Atlassian Confluence customers update to the latest version in their product's version stream. Customers should refer to the vendor advisory as the source of truth on affected products and fixed versions.
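As an added example (not code from the Rapid7 post or from Atlassian), the following Python script triages an inventory of Confluence version strings against the affected and fixed versions exactly as the post states them; any version the post does not name is reported as "not listed" so it gets checked against the vendor advisory rather than assumed safe. The hostnames and versions in the sample inventory are constructed.

```python
import re

# Affected, per the post: every 8.0.x-8.4.x release, plus 8.5.0 through 8.5.3.
AFFECTED_STREAMS = {(8, 0), (8, 1), (8, 2), (8, 3), (8, 4)}
AFFECTED_85_RANGE = ((8, 5, 0), (8, 5, 3))
# Fixed, per the post: 8.5.4/8.5.5 (Server, LTS), 8.6.0/8.7.1/8.7.2 (Data Center).
FIXED_VERSIONS = {(8, 5, 4), (8, 5, 5), (8, 6, 0), (8, 7, 1), (8, 7, 2)}

def parse_version(text):
    """Turn '8.5.3' (or '8.5') into a comparable (major, minor, patch) tuple."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised Confluence version: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))

def assess(version):
    """Return 'affected', 'fixed', or 'not listed' (post names neither status; check the vendor advisory)."""
    v = parse_version(version)
    if v in FIXED_VERSIONS:
        return "fixed"
    if v[:2] in AFFECTED_STREAMS or AFFECTED_85_RANGE[0] <= v <= AFFECTED_85_RANGE[1]:
        return "affected"
    return "not listed"

def triage_inventory(lines):
    """Map 'hostname version' lines to {hostname: status}; malformed lines are
    flagged 'unparseable' rather than skipped, so they cannot hide an exposed host."""
    result = {}
    for line in lines:
        parts = line.split()
        host = parts[0] if parts else "<blank>"
        try:
            result[host] = assess(parts[1]) if len(parts) == 2 else "unparseable"
        except ValueError:
            result[host] = "unparseable"
    return result

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    "confluence-prod-01 8.5.3", "confluence-prod-02 8.5.4",
    "confluence-dc-01 8.7.2", "confluence-legacy 7.19.18",
    "confluence-staging 8.2.1", "confluence-broken version-unknown",
]

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:20s} {status}")
```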

Rapid7 customers

Vulnerability checks for CVE-2023-34048 have been available to InsightVM and Nexpose customers since October 27, 2023. Vulnerability checks for CVE-2023-22527 have been available to InsightVM and Nexpose customers since January 17, 2024.

A Velociraptor artifact to hunt for evidence of Confluence CVE-2023-22527 exploitation is available here.

Updates

January 22, 2024: As of January 22, multiple sources are reporting exploitation of Atlassian Confluence Server and Data Center CVE-2023-22527.

January 23, 2024: Noted that Rapid7 Labs has observed attempted exploitation of Atlassian Confluence CVE-2023-22527 in both honeypot and production environments.

January 26, 2024: Added Velociraptor artifact for detecting evidence of Confluence Server exploitation.