VMware has addressed several critical remote code execution (RCE) vulnerabilities in VMware ESXi and the vSphere Client virtual infrastructure management platform that could allow attackers to execute arbitrary commands and take control of affected systems.
"A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server," the company said in its advisory.
The vulnerability, tracked as CVE-2021-21972, has a CVSS score of 9.8 out of a maximum of 10, making it critical in severity.
"In our opinion, the RCE vulnerability in the vCenter Server can pose no less a risk than the notorious vulnerability in Citrix (CVE-2019-19781)," said Positive Technologies' Mikhail Klyuchnikov, who discovered and reported the flaw to VMware.
"The error allows an unauthorized user to send a specially crafted request, which will later give them the opportunity to execute arbitrary commands on the server."
With this access in place, the attacker can then move through the corporate network and gain access to the data stored in the vulnerable system, such as information about virtual machines and system users, Klyuchnikov noted.
Separately, a second vulnerability (CVE-2021-21973, CVSS score 5.3) allows unauthorized users to send POST requests, permitting an adversary to mount further attacks, including the ability to scan the company's internal network and retrieve details about the open ports of various services.
The information disclosure issue, according to VMware, stems from an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in the vCenter Server plugin.
VMware has also provided workarounds to remediate CVE-2021-21972 and CVEv-2021-21973 temporarily until the updates can be deployed. Detailed steps are available from VMware.
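The SSRF issue above comes down to a URL check that is too weak to stop a server-side fetch from being pointed at internal hosts. The following Python is an added example, not VMware's or Positive Technologies' code, that contrasts a hypothetical plugin's weak prefix-only check with a hardened validator; the allowlisted hostnames and the IP addresses used are constructed placeholders, and the `resolver` parameter is an assumption that lets the check run offline and be tested without DNS.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Constructed allowlist for a hypothetical plugin that fetches URLs on behalf
# of users. These names are placeholders, not anything from VMware's product.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_HOSTS = {"updates.example.com", "api.example.com"}


def is_url_allowed_weak(url):
    """Weak validation: only checks the scheme prefix.

    Any host passes, so the server can be made to request loopback,
    RFC 1918, or link-local addresses. This is the SSRF-prone pattern.
    """
    return url.startswith("http://") or url.startswith("https://")


def is_public_address(addr):
    """True only for globally routable addresses: no loopback, private,
    link-local, multicast, reserved or unspecified ranges."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def default_resolver(host):
    """Resolve a hostname to every address it maps to; empty list on failure."""
    try:
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def is_url_allowed_strict(url, resolver=default_resolver):
    """Hardened validation: parse the URL, require an allowlisted scheme and
    host, reject embedded credentials (user@host tricks), and confirm that
    every address the host resolves to is public, so an allowlisted name
    that points at an internal address is still refused."""
    try:
        parts = urlparse(url)
        host = parts.hostname
        has_credentials = bool(parts.username or parts.password)
    except ValueError:
        return False
    if parts.scheme not in ALLOWED_SCHEMES:
        return False
    if has_credentials:
        return False
    if not host or host.lower() not in ALLOWED_HOSTS:
        return False
    addrs = resolver(host)
    if not addrs:
        return False
    return all(is_public_address(a) for a in addrs)


if __name__ == "__main__":
    # Constructed sample URLs; the last two are the kind of input the weak
    # check lets through.
    samples = [
        "https://api.example.com/v1/status",
        "http://127.0.0.1:443/ui/",
        "http://169.254.169.254/latest/meta-data/",
        "http://api.example.com@127.0.0.1/",
    ]
    for u in samples:
        print(f"{u:45} weak={is_url_allowed_weak(u)!s:5} "
              f"strict={is_url_allowed_strict(u)}")
```

The strict check resolves the host and rejects the URL if any resolved address is non-public, which is what closes the gap between "the name is on the allowlist" and "the request actually goes somewhere external"; a scheme prefix check alone, as the weak function shows, blocks nothing.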
It is worth noting that VMware fixed a command injection vulnerability in its vSphere Replication product (CVE-2021-21976, CVSS score 7.2) earlier this month that could allow a bad actor with administrative privileges to execute shell commands and achieve RCE.
Lastly, VMware also resolved a heap-overflow bug (CVE-2021-21974, CVSS score 8.8) in ESXi's service location protocol (SLP), potentially allowing an attacker on the same network to send malicious SLP requests to an ESXi device and take control of it.
OpenSLP provides a framework to allow networking applications to discover the existence, location, and configuration of networked services in enterprise networks.
The latest fix for ESXi OpenSLP comes on the heels of a similar patch (CVE-2020-3992) last November that could be leveraged to trigger a use-after-free in the OpenSLP service, leading to remote code execution.
Not long after, reports of active exploitation attempts emerged in the wild, with ransomware gangs abusing the vulnerability to take over unpatched virtual machines deployed in enterprise environments and encrypt their virtual hard drives.
It is highly recommended that users install the updates to eliminate the risk associated with the flaws, in addition to "removing vCenter Server interfaces from the perimeter of organizations, if they are there, and allocate them to a separate VLAN with a limited access list in the internal network."