Rewterz Threat Advisory – CVE-2023-3484 – GitLab Vulnerability

July 6, 2023

Rewterz Threat Alert – RedEnergy: Advanced Stealer-as-a-Ransomware Targets Energy and Telecom Sectors – Active IOCs

July 6, 2023

Rewterz Threat Advisory – CVE-2023-20185 – Cisco ACI Multi-Site CloudSec Vulnerability

July 6, 2023

Severity

High

Analysis Summary

CVE-2023-20185

Cisco ACI Multi-Site CloudSec could allow a remote attacker to obtain sensitive information, caused by an issue with the implementation of the ciphers that are used by the CloudSec encryption feature. By intercepting intersite encrypted traffic and using cryptanalytic techniques to break the encryption, an attacker could exploit this vulnerability to read or modify the traffic that is transmitted between the sites.

Impact

Information Disclosure

Indicators Of Compromise

CVE

CVE-2023-20185

Affected Vendors

Cisco

Affected Products

Cisco ACI Multi-Site CloudSec Encryption
Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode

Remediation

Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.

Cisco Security Advisory

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

GitHub Tools Deployed in CrazyHunter Ransomware Campaigns – Active IOCs

North Korean APT Kimsuky aka Black Banshee – Active IOCs

Sophisticated BPFDoor Malware Detected Targeting Linux Systems – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – CVE-2023-3484 – GitLab Vulnerability

Rewterz Threat Alert – RedEnergy: Advanced Stealer-as-a-Ransomware Targets Energy and Telecom Sectors – Active IOCs

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.