Threat Advisories - NVD Disclosed June 13, 2023

CVE-2023-20867

VMware Tools Authentication Bypass Vulnerability.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in VMware Tools may affect the confidentiality and integrity of guest virtual machines. An attacker with root access to a compromised ESXi host could bypass authentication for host-to-guest operations. This presents a risk to guest data.

NVD published: June 13, 2023 • CISA KEV

CVE advisoryCRITICAL

CVE-2023-35064

Satos Mobile attackers can steal data or take control of services

Halo Surface Signal: 3 out of 5 — possibly public-facing.

An external attacker could exploit a security flaw in Satos Mobile to gain unauthorized access to the system's database. This could allow them to extract sensitive customer information or user credentials, creating a risk of data exposure.

NVD published: June 13, 2023

CVE advisoryCRITICAL

CVE-2023-3050

TMT Lockcell flaw lets attackers bypass security and take control

Halo Surface Signal: 3 out of 5 — possibly public-facing.

An external attacker can exploit TMT Lockcell by tampering with login data to bypass security and impersonate authorized users. This allows them to gain unauthorized access to sensitive administrative dashboards and organizational data.

NVD published: June 13, 2023

CVE advisoryCRITICAL

CVE-2023-3049

Attacker can take control of Lockcell systems by uploading malicious files

Halo Surface Signal: 3 out of 5 — possibly public-facing.

An external attacker can bypass file security in TMT Lockcell to execute unauthorized commands, potentially gaining full control over the host server. This access exposes sensitive data and threatens the integrity of our core business operations.

NVD published: June 13, 2023

CVE advisoryCRITICAL

CVE-2023-3048

Lockcell allows attackers to bypass security controls for full access

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

A critical flaw in TMT Lockcell firmware lets anyone bypass security, potentially gaining full control. Update immediately to protect your physical access systems.

NVD published: June 13, 2023

CVE advisoryCRITICAL

CVE-2023-3047

Attacker can steal sensitive files or gain admin control of Lockcell systems

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical flaw in TMT Lockcell allows unauthorized access and control by injecting malicious commands. This vulnerability could let attackers steal sensitive data or take over your systems remotely.

NVD published: June 13, 2023

CVE advisoryKnown Exploit

CVE-2023-27997

Fortinet SSL-VPN Vulnerability Allows Code Execution.

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

Certain versions of Fortinet SSL-VPN are affected by a heap-based buffer overflow vulnerability, allowing remote attackers to execute arbitrary code or commands. This poses a significant risk of unauthorized system compromise and data access for affected organizations.

NVD published: June 13, 2023 • CISA KEV