CVE-2021-39144: VMware Patches Critical Cloud Foundation Vulnerability in XStream Open Source Library


</p> <p>VMware issues patches for end-of-life versions of Cloud Foundation Network Security Virtualization for vSphere (NSX-V) to address a critical vulnerability in an open source library.</p> <h2>Background</h2> <p>On October 25, VMware published <a href="https://www.vmware.com/security/advisories/VMSA-2022-00027.html"><u>VMSA-2022-0027</u></a>, an advisory for multiple vulnerabilities in its VMware Cloud Foundation solution.</p> <div class="table-responsive"> <table class="table"> <thead> <tr> <th><strong>CVE</strong></th> <th><strong>Description</strong></th> <th><strong>CVSSv3</strong></th> </tr> </thead> <tbody> <tr> <td><a href="https://www.tenable.com/cve/CVE-2021-39144"><u>CVE-2021-39144</u></a></td> <td>VMware Cloud Foundation XStream Library Deserialization of Untrusted Data Vulnerability</td> <td>9.8</td> </tr> <tr> <td><a href="https://www.tenable.com/cve/CVE-2021-31678"><u>CVE-2022-31678</u></a></td> <td>VMware Cloud Foundation XML External Entity (XXE) Vulnerability</td> <td>5.3</td> </tr> </tbody> </table> </div> <h2>Analysis</h2> <p><a href="https://www.tenable.com/cve/CVE-2021-39144"><u>CVE-2021-39144</u></a> is a remote code execution vulnerability in XStream, an open source library used for object serialization. This vulnerability was originally <a href="https://x-stream.github.io/CVE-2021-39144.html"><u>patched on August 22, 2021</u></a> in XStream version 1.4.18. VMware Cloud Foundation uses XStream for input serialization in its Network Security Virtualization for vSphere (NSX-V) solution. An attacker could exploit this vulnerability by targeting an unauthenticated endpoint in NSX-V to gain remote code execution privileges as root.</p> <p><a href="https://www.tenable.com/cve/CVE-2021-31678"><u>CVE-2022-31678</u></a> is an XXE vulnerability in VMware Cloud Foundation NSX-V. A remote, unauthenticated attacker could exploit this vulnerability to cause a denial-of-service condition or cause an unintended information disclosure. It is a moderately rated vulnerability, receiving a CVSSv3 score of 5.3.</p> <p><strong>VMware issues fix for end-of-life versions of NSX-V</strong></p> <p>In August 2021, VMware <a href="https://kb.vmware.com/s/article/84244"><u>announced that general support for NSX-V would end on January 16, 2022</u></a> and that technical guidance would end on January 16, 2023. However, in its advisory, VMware notes that “due to the critical severity of NSX-V” a patch was made available to address both flaws.</p> <p>While no specific details about CVE-2021-39144 were made public by VMware, the fact that they highlighted the attack vector as a “unauthenticated endpoint […] in VMware Cloud Foundation (NSX-V)” coupled with the decision to release a patch for an end-of-life product, suggests that exploitation of this flaw is straightforward.</p> <p><strong>Supply chain attacks remain a major area of concern</strong></p> <p>The presence of this vulnerability in the XStream library and its use in VMware Cloud Foundation NSX-V evokes memories of <a href="https://www.tenable.com/blog/cve-2021-44228-proof-of-concept-for-critical-apache-log4j-remote-code-execution-vulnerability"><u>Log4Shell</u></a>. While CVE-2021-39144 is not the same caliber as Log4Shell, it serves as a reminder of the challenges supply chain vulnerabilities pose to an organization’s security posture.</p> <h2>Proof of concept</h2> <p>The discovery of both flaws are attributed to researchers <a href="https://twitter.com/steventseeley"><u>Steven Seeley</u></a> of Source Incite and <a href="https://twitter.com/SinSinology"><u>Sina Kheirkhah</u></a> of MDSec. A blog post <a href="https://srcincite.io/blog/2022/10/25/eat-what-you-kill-pre-authenticated-rce-in-vmware-nsx-manager.html"><u>was published</u></a> on Source Incite that details their findings. The blog post includes <a href="https://srcincite.io/blog/2022/10/25/eat-what-you-kill-pre-authenticated-rce-in-vmware-nsx-manager.html#proof-of-concept"><u>a proof-of-concept exploit</u></a> script that can be used to get a reverse shell on a vulnerable VMware Cloud Foundation NSX-V instance.</p> <h2>Solution</h2> <p>VMware Cloud Foundation 4.x is not affected by either CVE-2021-39144 or CVE-2022-31678. However, VMware’s advisory notes that VMware Cloud Foundation (NSX-V) versions 3.x are affected:</p> <div class="table-responsive"> <table class="table"> <thead> <tr> <th><strong>Affected Versions</strong></th> <th><strong>Patching Instructions</strong></th> </tr> </thead> <tbody> <tr> <td>VMware Cloud Foundation prior to 3.9.1</td> <td>Update to VMware Cloud Foundation 3.11.0.1 and above and apply workaround instructions</td> </tr> <tr> <td>VMware Cloud Foundation 3.9.1 and above</td> <td>Follow workaround instructions</td> </tr> </tbody> </table> </div> <p>For customers using VMware Cloud Foundation versions prior to 3.9.1, VMware recommends updating to VMware Cloud Foundation 3.11.0.1 first. Once updated, customers are instructed to follow VMware’s workaround instructions in the Knowledge Base article, <a href="https://kb.vmware.com/s/article/89809"><u>Applying NSX-V 6.4.14 patch on VMware Cloud Foundation 3.x (89809)</u></a>.</p> <h2>Identifying affected systems</h2> <p>A list of Tenable plugins to identify these vulnerabilities will appear <a href="https://www.tenable.com/plugins/search?q=cves%3A%28%22CVE-2021-39144%22+OR+%22CVE-2022-31678%22%29+AND+script_family%3A%28%22Misc.%22%29&sort=&page=1"><u>here</u></a> as they’re released. This link uses a search filter to ensure that all matching plugin coverage will appear as it is released. Additionally, plugin coverage specific to the XStream library (CVE-2021-39144) can be found <a href="https://www.tenable.com/plugins/search?q=cves%3A%28%22CVE-2021-39144%22%29&sort=&page=1"><u>here</u></a>.</p> <h3>Get more information</h3> <p><b><i>Join <a href="https://community.tenable.com/s/group/0F9f2000000fyxyCAA/cyber-exposure-alerts">Tenable’s Security Response Team</a> on the Tenable Community.</i></b></p> <p><b><i>Learn more about <a href="https://www.tenable.com/products">Tenable</a>, the first Cyber Exposure platform for holistic management of your modern attack surface.</i></b></p> <p><b><i>Get a <a href="https://www.tenable.com/products/tenable-io/vulnerability-management/evaluate">free 30-day trial</a> of Tenable.io Vulnerability Management. </i></b></p> </div> <p><script async src="//platform.twitter.com/widgets.js" charset="utf-8"></script><br /> <br /><br /> <br /><a href="https://www.tenable.com/blog/cve-2021-39144-vmware-patches-critical-cloud-foundation-vulnerability-in-xstream-open-source">Source link </a></p> </div><!-- .entry-content --> <footer class="entry-footer"> <span class="cat-links"> Posted in <a href="https://unifiedguru.com/category/rss_virtulization/" rel="category tag">RSS_Virtulization</a> </span> </footer><!-- .entry-footer --> </article><!-- #post-## --> <nav class="navigation post-navigation" aria-label="Posts"> <h2 class="screen-reader-text">Post navigation</h2> <div class="nav-links"><div class="nav-previous"><a href="https://unifiedguru.com/hive-ransomware-group-leaks-data-stolen-in-tata-power-cyber-attack/" rel="prev">Hive Ransomware Group Leaks Data Stolen in Tata Power Cyber-Attack</a></div><div class="nav-next"><a href="https://unifiedguru.com/leveraging-isa-iec-62443-to-secure-industrial-operations-is-easier-than-you-think/" rel="next">Leveraging ISA/IEC 62443 to secure industrial operations is easier than you think</a></div></div> </nav> </main><!-- #main --> </div><!-- #primary --> <div id="secondary-right" class="widget-area secondary-sidebar f-right clearfix" role="complementary"> <div id="sidebar-section-top" class="widget-area sidebar clearfix"> <aside id="newsletterwidget-10" class="widget widget_newsletterwidget"><h3 class="widget-title"><span>Subscribe For Updates</span></h3><div class="tnp tnp-subscription tnp-widget"> <form method="post" action="https://unifiedguru.com/wp-admin/admin-ajax.php?action=tnp&na=s"> <input type="hidden" name="nr" value="widget"> <input type="hidden" name="nlang" value=""> <div class="tnp-field tnp-field-firstname"><label for="tnp-1">Name</label> <input class="tnp-name" type="text" name="nn" id="tnp-1" value="" placeholder=""></div> <div class="tnp-field tnp-field-email"><label for="tnp-2">Email</label> <input class="tnp-email" type="email" name="ne" id="tnp-2" value="" placeholder="" required></div> <div class="tnp-field tnp-privacy-field"><label><input type="checkbox" name="ny" required class="tnp-privacy"> Subscribing I accept the privacy rules of this site</label></div><div class="tnp-field tnp-field-button" style="text-align: left"><input class="tnp-submit" type="submit" value="Subscribe Now For Updates" style=""> </div> </form> </div> </aside> </div> <div id="sidebar-section-cat-one" class="widget-area sidebar clearfix"> <div class="widget"> <h2 class="block-title"><span class="bordertitle-red"></span>VMWARE</h2> <div class="featured-post-sidebar"> <figure class="post-thumb clearfix"> <a href="https://unifiedguru.com/helping-public-sector-organisations-define-cloud-strategy/" title="Helping Public Sector Organisations Define Cloud Strategy" ><img post-id="1207" fifu-featured="1" src="https://simoncranney.files.wordpress.com/2019/10/cropped-network.jpeg?w=200" alt="Helping Public Sector Organisations Define Cloud Strategy" title="Helping Public Sector Organisations Define Cloud Strategy" title="Helping Public Sector Organisations Define Cloud Strategy" /></a> </figure> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>October 29, 2020</div> <h3><a href="https://unifiedguru.com/helping-public-sector-organisations-define-cloud-strategy/" title="Helping Public Sector Organisations Define Cloud Strategy" >Helping Public Sector Organisations Define Cloud Strategy</a></h3> <p class="side-excerpt">Introduction Cloud computing services have grown exponentially in</p> </div> </div> <div class="featured-post-sidebar"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>May 18, 2016</div> <h3><a href="https://unifiedguru.com/how-to-change-the-vlan-id-of-the-service-console-in-esx-from-the-command-lineconsole/" title="How to change the VLAN ID of the Service Console in ESX from the command line/console" >How to change the VLAN ID of the Service Console in ESX from the command line/console</a></h3> </div> </div> <div class="featured-post-sidebar"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>June 09, 2015</div> <h3><a href="https://unifiedguru.com/cisco-ucs-and-vmware-interfaces-vnics-ha-design-considerations/" title="Cisco UCS and Vmware Interfaces (Vnics) HA Design Considerations" >Cisco UCS and Vmware Interfaces (Vnics) HA Design Considerations</a></h3> </div> </div> <div class="featured-post-sidebar"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>June 07, 2015</div> <h3><a href="https://unifiedguru.com/troubleshooting-network-and-tcpudp-port-connectivity-issues-on-esxesxi2020669/" title="Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi(2020669)" >Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi(2020669)</a></h3> </div> </div> <div class="featured-post-sidebar"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>May 12, 2015</div> <h3><a href="https://unifiedguru.com/vsphere-client-parameters/" title="vSphere Client Parameters" >vSphere Client Parameters</a></h3> </div> </div> <div class="view-all-link"><a href="https://unifiedguru.com/category/vmware/" title="View All">View All</a></div> </div> </div> <div id="sidebar-section-cat-two" class="widget-area sidebar clearfix"> <div class="widget"> <h2 class="block-title"><span class="bordertitle-red"></span>Configuration Templates</h2> <div class="featured-post-sidebar clearfix"> <figure class="post-thumb clearfix"> </figure> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>February 16, 2015</div> <h3><a href="https://unifiedguru.com/cue-licenses/" title="CUE Licenses" >CUE Licenses</a></h3> <p class="side-excerpt">Note: Useful LINK COPIED FROM OTHER SOURCE FOR REFERENCE INTRODUCTION</p> </div> </div> <div class="featured-post-sidebar clearfix"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>February 02, 2015</div> <h3><a href="https://unifiedguru.com/trouble-shooting-unity-express-with-call-manager-integeration-operational-issues/" title="Trouble shooting Unity Express with Call Manager Integeration & Operational Issues" >Trouble shooting Unity Express with Call Manager Integeration & Operational Issues</a></h3> </div> </div> <div class="featured-post-sidebar clearfix"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>November 08, 2014</div> <h3><a href="https://unifiedguru.com/%ef%bb%bfcme-configuration-example-sip-trunks-to-viatalk-and-voip-ms/" title="CME Configuration Example: SIP Trunks to Viatalk and VoIP.ms" >CME Configuration Example: SIP Trunks to Viatalk and VoIP.ms</a></h3> </div> </div> <div class="featured-post-sidebar clearfix"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>November 08, 2014</div> <h3><a href="https://unifiedguru.com/sip-phone-registration-cme-configuration/" title="SIP Phone registration – CME Configuration" >SIP Phone registration – CME Configuration</a></h3> </div> </div> <div class="featured-post-sidebar clearfix"> <div class="post-desc"> <div class="post-date"><i class="fa fa-calendar"></i>November 08, 2014</div> <h3><a href="https://unifiedguru.com/cue-voicemail-vpim-networking-cue-to-unity/" title="CUE Voicemail + VPIM networking (CUE to unity)" >CUE Voicemail + VPIM networking (CUE to unity)</a></h3> </div> </div> <div class="view-all-link"><a href="https://unifiedguru.com/category/configuration-templates/" title="View All">View All</a></div> </div> </div> </div> </div><!-- #content --> </div><!-- content-wrapper--> <footer id="colophon" class="site-footer clearrfix" role="contentinfo"> <div class="wrapper footer-wrapper clearfix"> <div class="top-bottom clearfix"> <div id="footer-top"> </div><!-- #foter-top --> <div id="footer-bottom"> </div><!-- #foter-bottom --> </div><!-- top-bottom--> <div class="footer-copyright border t-center"> <p> Copyright 2016. All rights reserved </p> <div class="site-info"> <a href="https://wordpress.org/">Proudly powered by WordPress</a> <span class="sep"> | </span> Profitmag by <a href="http://rigorousthemes.com/" rel="designer">Rigorous Themes</a> </div><!-- .site-info --> </div> </div><!-- footer-wrapper--> </footer><!-- #colophon --> </div><!-- #page --> <div class="a2a_kit a2a_kit_size_32 a2a_floating_style a2a_default_style" style="bottom:0px;left:0px;background-color:#23d5db"><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Funifiedguru.com%2Fcve-2021-39144-vmware-patches-critical-cloud-foundation-vulnerability-in-xstream-open-source-library%2F&linkname=CVE-2021-39144%3A%20VMware%20Patches%20Critical%20Cloud%20Foundation%20Vulnerability%20in%20XStream%20Open%20Source%20Library" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Funifiedguru.com%2Fcve-2021-39144-vmware-patches-critical-cloud-foundation-vulnerability-in-xstream-open-source-library%2F&linkname=CVE-2021-39144%3A%20VMware%20Patches%20Critical%20Cloud%20Foundation%20Vulnerability%20in%20XStream%20Open%20Source%20Library" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_pinterest" href="https://www.addtoany.com/add_to/pinterest?linkurl=https%3A%2F%2Funifiedguru.com%2Fcve-2021-39144-vmware-patches-critical-cloud-foundation-vulnerability-in-xstream-open-source-library%2F&linkname=CVE-2021-39144%3A%20VMware%20Patches%20Critical%20Cloud%20Foundation%20Vulnerability%20in%20XStream%20Open%20Source%20Library" title="Pinterest" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Funifiedguru.com%2Fcve-2021-39144-vmware-patches-critical-cloud-foundation-vulnerability-in-xstream-open-source-library%2F&linkname=CVE-2021-39144%3A%20VMware%20Patches%20Critical%20Cloud%20Foundation%20Vulnerability%20in%20XStream%20Open%20Source%20Library" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_whatsapp" href="https://www.addtoany.com/add_to/whatsapp?linkurl=https%3A%2F%2Funifiedguru.com%2Fcve-2021-39144-vmware-patches-critical-cloud-foundation-vulnerability-in-xstream-open-source-library%2F&linkname=CVE-2021-39144%3A%20VMware%20Patches%20Critical%20Cloud%20Foundation%20Vulnerability%20in%20XStream%20Open%20Source%20Library" title="WhatsApp" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_print" href="https://www.addtoany.com/add_to/print?linkurl=https%3A%2F%2Funifiedguru.com%2Fcve-2021-39144-vmware-patches-critical-cloud-foundation-vulnerability-in-xstream-open-source-library%2F&linkname=CVE-2021-39144%3A%20VMware%20Patches%20Critical%20Cloud%20Foundation%20Vulnerability%20in%20XStream%20Open%20Source%20Library" title="Print" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_google_gmail" href="https://www.addtoany.com/add_to/google_gmail?linkurl=https%3A%2F%2Funifiedguru.com%2Fcve-2021-39144-vmware-patches-critical-cloud-foundation-vulnerability-in-xstream-open-source-library%2F&linkname=CVE-2021-39144%3A%20VMware%20Patches%20Critical%20Cloud%20Foundation%20Vulnerability%20in%20XStream%20Open%20Source%20Library" title="Gmail" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div><div class="mb_supershare_holder"> <div id="openModal" class="mb_supershare_modalDialog"> <div style="background:url(https://unifiedguru.com/wp-content/plugins/super-share/img/struckaxiom.png) repeat;"> <div class="mb_supershare_ribbon"><div class="mb_supershare_ribbon-stitches-top"></div><strong class="mb_supershare_ribbon-content"><span style="font-size: 24px; line-height: 2;"> Love This Article? Spread It. </span></strong><div class="mb_supershare_ribbon-stitches-bottom"></div></div> <div class="mb_supershare_close">X</div> <!-- facebook need this script --> <div id="fb-root"></div> <script>(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = "//connect.facebook.net/en_US/all.js#xfbml=1"; fjs.parentNode.insertBefore(js, fjs); }(document, 'script', 'facebook-jssdk'));</script> <div class="social_icons_style" style="width:320px; margin-left:25px; margin-top:20px; margin 0 auto; overflow:visible"> <ul> <li style="overflow:hidden; width: 49px;"> <!-- facebook like button --> <div class="fb-like" data-href="https://unifiedguru.com:443/cve-2021-39144-vmware-patches-critical-cloud-foundation-vulnerability-in-xstream-open-source-library/" data-width="450" data-height="The pixel height of the plugin" data-colorscheme="light" data-layout="box_count" data-action="like" data-show-faces="false" data-send="false"></div> </li> <li> <!-- G+ button --> <!-- Place this tag where you want the +1 button to render. --> <div class="g-plusone" data-size="tall" data-href=""></div> <!-- Place this tag after the last +1 button tag. --> <script type="text/javascript"> (function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true; po.src = 'https://apis.google.com/js/plusone.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })(); </script> </li> <li> <!-- Twitter button --> <a href="https://twitter.com/share" class="twitter-share-button" data-url="" data-via="" data-lang="en" data-related="anywhereTheJavascriptAPI" data-count="vertical">Tweet</a> <script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="https://platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script> </li> <li> <!-- Linkedin button --> <script src="//platform.linkedin.com/in.js" type="text/javascript"></script> <script type="IN/Share" data-url="" data-counter="top"></script> </li> <li> <!-- StumbleUpon button --> <!-- Place this tag where you want the su badge to render --> <su:badge layout="5" location=""> </su:badge> <!-- Place this snippet wherever appropriate --> <script type="text/javascript"> (function() { var li = document.createElement('script'); li.type = 'text/javascript'; li.async = true; li.src = ('https:' == document.location.protocol ? 'https:' : 'http:') + '//platform.stumbleupon.com/1/widgets.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(li, s); })(); </script> </li> </ul> </div> </div> <!--DIV--> </div> <!--modalDialog--> </div> <!--mb_supershare_holder--> <script> jQuery(document).ready(function($) { $is_closed="no"; jQuery(document).scroll(function() { if(jQuery('article').length){ //For typical wordpress templates $afterpost = jQuery("article").position().top + jQuery("article").height()-(jQuery("article").height()/3); } else { //For Thesis framework $afterpost = jQuery(".content").position().top + jQuery(".post_box").height()-(jQuery(".post_box").height()/3); } if(jQuery(window).scrollTop() >= $afterpost && $is_closed=="no"){ jQuery(".mb_supershare_modalDialog").css({"display":"block"}); jQuery(".mb_supershare_modalDialog").animate({opacity:"1"},1000); } else{ jQuery(".mb_supershare_modalDialog").css({"display":"none"}); } }); jQuery(".mb_supershare_close").bind("click", function() { jQuery(".mb_supershare_modalDialog").fadeOut("slow"); $is_closed="yes"; setTimeout(function() { jQuery(".mb_supershare_modalDialog").css({"display":"none"}); }, 2000); }); }); </script> <script type='text/javascript'> const lazyloadRunObserver = () => { const lazyloadBackgrounds = document.querySelectorAll( `.e-con.e-parent:not(.e-lazyloaded)` ); const lazyloadBackgroundObserver = new IntersectionObserver( ( entries ) => { entries.forEach( ( entry ) => { if ( entry.isIntersecting ) { let lazyloadBackground = entry.target; if( lazyloadBackground ) { lazyloadBackground.classList.add( 'e-lazyloaded' ); } lazyloadBackgroundObserver.unobserve( entry.target ); } }); }, { rootMargin: '200px 0px 200px 0px' } ); lazyloadBackgrounds.forEach( ( lazyloadBackground ) => { lazyloadBackgroundObserver.observe( lazyloadBackground ); } ); }; const events = [ 'DOMContentLoaded', 'elementor/lazyload/observe', ]; events.forEach( ( event ) => { document.addEventListener( event, lazyloadRunObserver ); } ); </script> <script type="text/javascript" src="https://unifiedguru.com/wp-includes/js/dist/hooks.min.js?ver=2810c76e705dd1a53b18" id="wp-hooks-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-includes/js/dist/i18n.min.js?ver=5e580eb46a90c2b997e6" id="wp-i18n-js"></script> <script type="text/javascript" id="wp-i18n-js-after"> /* <![CDATA[ */ wp.i18n.setLocaleData( { 'text direction\u0004ltr': [ 'ltr' ] } ); /* ]]> */ </script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/contact-form-7/includes/swv/js/index.js?ver=6.0" id="swv-js"></script> <script type="text/javascript" id="contact-form-7-js-before"> /* <![CDATA[ */ var wpcf7 = { "api": { "root": "https:\/\/unifiedguru.com\/wp-json\/", "namespace": "contact-form-7\/v1" } }; /* ]]> */ </script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/contact-form-7/includes/js/index.js?ver=6.0" id="contact-form-7-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/themes/profitmag/js/jquery.bxslider.js?ver=6.6.2" id="bxslider-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/themes/profitmag/js/jquery.ticker.js?ver=6.6.2" id="ticker-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/themes/profitmag/js/jquery.mCustomScrollbar.min.js?ver=1.0.0" id="mCustomScrollbar-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/themes/profitmag/js/jquery.mousewheel.min.js?ver=2.0.19" id="mousewheel-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/themes/profitmag/js/navigation.js?ver=20120206" id="profitmag-navigation-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/themes/profitmag/js/keyboard-navigation.js?ver=20120206" id="profitmag-keyboard-navigation-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/themes/profitmag/js/custom.js?ver=1.0" id="profitmag-custom-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/slidedeck/js/jail.js?ver=5.4.1" id="jail-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/slidedeck/js/jquery-mousewheel/jquery.mousewheel.min.js?ver=3.0.6" id="scrolling-js-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/slidedeck/js/jquery.easing.1.3.js?ver=1.3" id="jquery-easing-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/slidedeck/js/slidedeck.jquery.js?ver=1.4.1" id="slidedeck-library-js-js"></script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/slidedeck/js/slidedeck-public.js?ver=5.4.1" id="slidedeck-public-js"></script> <script type="text/javascript" src="https://platform.twitter.com/widgets.js?ver=1316526300" id="twitter-intent-api-js"></script> <script type="text/javascript" id="fifu-json-ld-js-extra"> /* <![CDATA[ */ var fifuJsonLd = {"url":"https:\/\/www.tenable.com\/sites\/default\/files\/styles\/640x360\/public\/images\/articles\/Blog-Research-CEA-POC-Max-Quality_2.jpg?itok=eufPz7qW"}; /* ]]> */ </script> <script type="text/javascript" src="https://unifiedguru.com/wp-content/plugins/featured-image-from-url/includes/html/js/json-ld.js?ver=4.9.4" id="fifu-json-ld-js"></script> <script type="text/javascript"> var slideDeck2URLPath = "https://unifiedguru.com/wp-content/plugins/slidedeck"; var slideDeck2iframeByDefault = false; </script> </body> </html>