Critical Vulnerability Awareness – October 2022


A focus of Cybersecurity Awareness Month is on patching software in a timely manner. But we recognize that there are many patches being released each week, and it can become difficult to prioritize the critical updates to make first. We’ve simplified that for you in the below post. Read on for this month’s critical vulnerabilities and patches, curated for you by the Antigen team.

CVE-2021-22048 – VMware vCenter Server

  • vCenter Server contains a privilege escalation vulnerability in its Integrated Windows Authentication (IWA) feature.
  • Patch: Not yet released
  • Workaround: Switch from Integrated Windows Authentication to AD over LDAPS authentication, or to Identity Provider Federation for AD FS (vSphere 7.0 or later).
  • Advisory: https://www.vmware.com/security/advisories/VMSA-2021-0025.html

CVE-2022-40684 – Fortinet Authentication Bypass

  • This security flaw (CVE-2022-40684) allows attackers to bypass authentication on the administrative interface of FortiGate firewalls, FortiProxy web proxies, and FortiSwitch Manager (FSWM) on-premises management instances.
  • This is being ACTIVELY EXPLOITED. Please patch ASAP!
  • Patch:
    • Please upgrade to FortiOS version 7.2.2 or above
    • Please upgrade to FortiOS version 7.0.7 or above
    • Please upgrade to FortiProxy version 7.2.1 or above
    • Please upgrade to FortiProxy version 7.0.7 or above
    • Please upgrade to FortiSwitchManager version 7.2.1 or above
  • Advisory: https://www.fortiguard.com/psirt/FG-IR-22-377

CVE-2022-36067 – vm2 JavaScript Sandbox

  • A now-patched security flaw in the vm2 JavaScript sandbox module could be abused by a remote adversary to break out of security barriers and perform arbitrary operations on the underlying machine.
  • This is a very commonly embedded package. Please check your application dependencies.
  • Patch: This vulnerability was patched in the release of version 3.9.11 of vm2.
  • Advisory: https://github.com/advisories/GHSA-mrgp-mrhc-5jrq
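The two items above both come down to the same check: is the version you are running at or above the fixed release? The script below is an added example, not tooling from Fortinet, the vm2 project, or the Antigen team. It encodes only the fixed versions this post lists (FortiOS 7.2.2 / 7.0.7, FortiProxy 7.2.1 / 7.0.7, FortiSwitchManager 7.2.1, vm2 3.9.11), flags assets below them, reports "unknown" for any release branch the post does not cover so you go back to the vendor advisory rather than assume safety, and scans a package-lock.json for every pinned copy of vm2, including nested ones pulled in by other packages. The device inventory and the lockfile excerpt are constructed sample data.

```python
"""Flag assets and dependencies running below the fixed releases listed in this post.

Added example, not vendor or project tooling. FIXED_VERSIONS holds only the
releases the post names; INVENTORY and SAMPLE_LOCKFILE are constructed data.
"""
import json
import re

# Minimum fixed release per product and release branch, as listed in the post.
# "*" means the fixed version applies regardless of branch (vm2 has one line).
FIXED_VERSIONS = {
    "FortiOS": {"7.2": "7.2.2", "7.0": "7.0.7"},
    "FortiProxy": {"7.2": "7.2.1", "7.0": "7.0.7"},
    "FortiSwitchManager": {"7.2": "7.2.1"},
    "vm2": {"*": "3.9.11"},
}


def parse_version(text):
    """Turn '7.0.7', 'v3.9.10' or '7.2.2-build1255' into a comparable tuple of ints."""
    m = re.match(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def needs_upgrade(product, version):
    """Return (status, fixed_version).

    status is 'vulnerable' (below the listed fix), 'patched' (at or above it), or
    'unknown' (product or release branch not covered by the post's list).
    """
    branches = FIXED_VERSIONS.get(product)
    if branches is None:
        return ("unknown", None)
    parsed = parse_version(version)
    branch = ".".join(str(p) for p in parsed[:2])  # e.g. (7, 0, 6) -> "7.0"
    fixed = branches.get(branch) or branches.get("*")
    if fixed is None:
        return ("unknown", None)  # not in the post: consult the vendor advisory
    status = "patched" if parsed >= parse_version(fixed) else "vulnerable"
    return (status, fixed)


def find_vm2_versions(lockfile_text):
    """Collect every pinned vm2 version in a package-lock.json.

    Handles the flat 'packages' map (lockfile v2/v3) and the nested
    'dependencies' tree (lockfile v1); v2 files carry both, so results are
    keyed by install path to avoid double counting.
    """
    lock = json.loads(lockfile_text)
    found = {}
    for path, entry in lock.get("packages", {}).items():
        if path.endswith("node_modules/vm2"):
            found[path] = entry["version"]

    def walk(deps, prefix):
        for name, entry in deps.items():
            path = f"{prefix}node_modules/{name}"
            if name == "vm2":
                found[path] = entry["version"]
            walk(entry.get("dependencies", {}), path + "/")

    walk(lock.get("dependencies", {}), "")
    return sorted(found.items())


def report(inventory, lockfile_text):
    """Return rows of (asset, product, version, status, fixed) for devices and vm2 copies."""
    rows = [(name, product, ver, *needs_upgrade(product, ver)) for name, product, ver in inventory]
    for path, ver in find_vm2_versions(lockfile_text):
        rows.append((path, "vm2", ver, *needs_upgrade("vm2", ver)))
    return rows


# Constructed sample inventory: hostname, product, running version.
INVENTORY = [
    ("fw-edge-01", "FortiOS", "7.0.6"),
    ("fw-edge-02", "FortiOS", "7.2.2"),
    ("proxy-01", "FortiProxy", "7.2.0"),
    ("fswm-01", "FortiSwitchManager", "7.2.1"),
    ("fw-branch-03", "FortiOS", "6.4.9"),  # branch not listed in the post
]

# Constructed lockfile excerpt: a direct vm2 pin plus a nested copy under another package.
SAMPLE_LOCKFILE = json.dumps({
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app", "dependencies": {"vm2": "^3.9.10"}},
        "node_modules/vm2": {"version": "3.9.10"},
        "node_modules/some-tool": {"version": "1.0.0", "dependencies": {"vm2": "3.9.11"}},
        "node_modules/some-tool/node_modules/vm2": {"version": "3.9.11"},
    },
})

if __name__ == "__main__":
    for asset, product, version, status, fixed in report(INVENTORY, SAMPLE_LOCKFILE):
        target = f"(fixed in {fixed})" if fixed else "(not covered by this list)"
        print(f"{status:<10} {asset:<45} {product} {version} {target}")
```

Run it as-is to see the constructed data scored; in practice, feed `report()` your own device inventory and each repository's lockfile. The "unknown" outcome is deliberate: a branch the post does not mention is neither safe nor vulnerable according to this list, and the right move is to read the vendor advisory rather than let a version checker silently pass it.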

CVE-2022-41040 & CVE-2022-41082 – Zero-day RCE/SSRF Vulnerabilities in Microsoft Exchange Server

Make sure your business overcomes threats

Get in touch to learn how to keep your business protected using industry-leading tools and experts who are passionate about what they do.