
Urgent Security Warning: CISA Adds Critical VMware and XWiki Bugs to Exploited List
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert, adding three significant vulnerabilities affecting products from VMware and XWiki to its Known Exploited Vulnerabilities (KEV) catalog. This action confirms that malicious actors are actively exploiting these security flaws in real-world attacks, making immediate patching a top priority for organizations worldwide.
When a vulnerability is added to the KEV catalog, it serves as a crucial warning for all sectors. While CISA’s directive specifically mandates that Federal Civilian Executive Branch (FCEB) agencies apply patches by June 13, 2024, private companies and other organizations are strongly advised to follow suit to protect their networks from compromise.
Let’s break down the specific vulnerabilities that demand your immediate attention.
The Newly Added Vulnerabilities
Understanding the nature of these threats is the first step toward effective defense. Here are the details on the three flaws now confirmed to be under active exploitation:
1. XWiki Platform Remote Code Execution (CVE-2022-35914)
This is a particularly dangerous flaw affecting the XWiki enterprise wiki platform. The vulnerability allows an unauthenticated attacker to remotely execute arbitrary code on a vulnerable server.
- Impact: A successful exploit gives an attacker complete control over the affected system. This could lead to data theft, malware deployment, or using the compromised server as a launchpad for further attacks within your network.
- Severity: Critical. The ability to execute code without needing prior access or credentials makes this a high-priority threat for any organization using the XWiki platform.
2. VMware Aria Operations for Networks Command Injection (CVE-2021-21999)
This vulnerability impacts VMware’s network monitoring and management tool, Aria Operations for Networks (formerly vRealize Network Insight). It is a server-side request forgery (SSRF) flaw that can be leveraged for remote command injection.
- Impact: An attacker can exploit this vulnerability to execute malicious commands on the underlying server, potentially gaining unauthorized access to sensitive network information and system resources.
- Severity: High. Because this tool has deep visibility into network infrastructure, a compromise could have widespread consequences.
3. VMware Tools Privilege Escalation (CVE-2023-20867)
Unlike the other two, this is a local privilege escalation vulnerability within VMware Tools, a suite of utilities that enhances the performance of a virtual machine’s guest operating system.
- Impact: This flaw allows an attacker who already has initial, low-level access to a virtual machine to escalate their privileges to gain root or administrator-level control. This is a common tactic used by attackers to deepen their foothold, disable security controls, and move laterally across a network.
- Severity: High. While it requires initial access, privilege escalation is a critical link in the attack chain that enables more damaging actions.
Why the KEV Catalog Matters for Everyone
The CISA KEV catalog is not just a list of theoretical weaknesses; it is a priority action list for cybersecurity professionals. It contains vulnerabilities that are proven weapons in the hands of cybercriminals and state-sponsored actors.
When a flaw is added to this list, it signals a shift from a potential threat to an active and present danger. For any organization, regardless of size or industry, vulnerabilities on the KEV list should be moved to the top of the patching queue.
Actionable Steps to Protect Your Organization
Ignoring these warnings is not an option. Here’s what your security and IT teams should do right now:
- Identify Your Assets: Immediately conduct a scan of your environment to determine if you are running vulnerable versions of XWiki Platform, VMware Aria Operations for Networks, or VMware Tools.
- Apply Patches Urgently: Prioritize the deployment of security updates provided by XWiki and VMware. Do not delay. The deadline of June 13th for federal agencies should be treated as a final call for all organizations.
- Hunt for Threats: If patching was delayed, review logs and system activity for any signs of compromise or suspicious behavior related to these products. Look for unusual network connections, unauthorized account creation, or unexpected system commands.
- Strengthen Vulnerability Management: Integrate the CISA KEV catalog into your regular vulnerability management program. This ensures that your team is always aware of the most imminent threats and can prioritize remediation efforts effectively.
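The last step, feeding the KEV catalog into vulnerability management, as an added example that is not part of the original article: it indexes a feed in the KEV JSON layout and cross-references it with scanner findings, so only known-exploited CVEs surface, ordered by the CISA due date. All feed records and hostnames are constructed.

```python
import json
from datetime import date

# Constructed sample in the layout of the CISA KEV JSON feed (same field names as
# the real feed on cisa.gov); the records mirror the three CVEs in this article and
# carry the due date the article quotes. None of this is real feed data.
KEV_FEED_JSON = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2022-35914", "vendorProject": "XWiki",
     "product": "XWiki Platform", "dueDate": "2024-06-13"},
    {"cveID": "CVE-2021-21999", "vendorProject": "VMware",
     "product": "Aria Operations for Networks", "dueDate": "2024-06-13"},
    {"cveID": "CVE-2023-20867", "vendorProject": "VMware",
     "product": "Tools", "dueDate": "2024-06-13"},
]})

# Constructed scanner output: hostname -> CVE IDs flagged on that host.
# CVE-0000-0000 is a placeholder for a finding that is not in KEV.
SCAN_FINDINGS = {
    "wiki01": ["CVE-2022-35914", "CVE-0000-0000"],
    "vrni01": ["CVE-2021-21999"],
    "vm-app7": ["CVE-2023-20867", "CVE-2022-35914"],
    "db02": ["CVE-0000-0000"],
}

def load_kev(feed_json):
    """Index the KEV feed by CVE ID so each scanner finding is a single lookup."""
    return {v["cveID"]: v for v in json.loads(feed_json)["vulnerabilities"]}

def triage(findings, kev, today_iso):
    """Return only findings present in KEV, most urgent first (overdue on top)."""
    today = date.fromisoformat(today_iso)
    rows = []
    for host, cves in findings.items():
        for cve in cves:
            entry = kev.get(cve)
            if entry is None:
                continue  # not known-exploited: stays in the regular patch queue
            due = date.fromisoformat(entry["dueDate"])
            rows.append({
                "host": host, "cve": cve, "due": entry["dueDate"],
                "product": f'{entry["vendorProject"]} {entry["product"]}',
                "days_left": (due - today).days,  # negative: deadline already missed
            })
    # Earliest due date first; host and CVE break ties so output is deterministic
    return sorted(rows, key=lambda r: (r["days_left"], r["host"], r["cve"]))

if __name__ == "__main__":
    for r in triage(SCAN_FINDINGS, load_kev(KEV_FEED_JSON), date.today().isoformat()):
        print(f'{r["host"]:8} {r["cve"]:15} due {r["due"]} ({r["days_left"]:+d} d) {r["product"]}')
```

Swapping KEV_FEED_JSON for the downloaded feed and SCAN_FINDINGS for your scanner export gives a daily KEV backlog; a negative days_left means the host is past the CISA deadline.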
The digital threat landscape is constantly evolving, and proactive defense is the only viable strategy. By taking swift and decisive action on these confirmed threats, you can significantly reduce your organization’s risk of a damaging cyberattack.
Source: https://securityaffairs.com/184051/hacking/u-s-cisa-adds-xwiki-platform-and-broadcom-vmware-aria-operations-and-vmware-tools-flaws-to-its-known-exploited-vulnerabilities-catalog.html