Rewterz

Rewterz Threat Alert – Group Targeting Executives via Phishing Campaigns for over a year

July 7, 2020
Rewterz

Rewterz Threat Advisory – CVE-2020-3347 – Cisco Webex Meetings Desktop App for Windows Shared Memory Vulnerability

July 8, 2020

Rewterz Threat Advisory – CVE-2020-3973 – VMware VeloCloud SQL-injection vulnerability

Severity

High

Analysis Summary

The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged.

Impact

SQL-injection

Affected Vendors

VMware

Affected Products

VMware SD-WAN by VeloCloud (VeloCloud)

Remediation

Update to latest version.

https://my.vmware.com/web/vmware/downloads/info/slug/networking_security/vmware_sd_wan/3_4_1

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.