NVD disclosure day

Published threat advisories for October 25, 2023

CVE advisoryKnown Exploit

CVE-2023-34048

VMware vCenter Server Remote Code Execution Vulnerability.

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A vulnerability in VMware vCenter Server allows unauthorized network access to execute arbitrary code. This could lead to data compromise and disruption of business operations. Organizations should identify all vCenter Server instances, restrict network access, and apply vendor updates.

NVD published: • CISA KEV
CVE advisoryKnown Exploit

CVE-2023-20273

Cisco IOS XE Web UI Command Injection Leading to Root Privilege Escalation

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in Cisco IOS XE Software's web UI allows authenticated attackers to inject commands with root privileges. This impacts affected Cisco IOS XE devices, presenting a business risk of unauthorized system control and data compromise. Organizations should identify and secure exposed devices, applying vendor f

NVD published: • CISA KEV