The Cyber Security News

Critical VMware Cloud Director Bug Could Let Hackers Takeover Entire Cloud Infrastructure

April 15, 2022

Cloud computing and virtualization technology company VMware on Thursday rolled out an update to resolve a critical security flaw in its Cloud Director product that could be weaponized to launch remote code execution attacks.

The issue, assigned the identifier CVE-2022-22966, has a CVSS score of 9.1 out of a maximum of 10. VMware credited security researcher Jari Jääskelä with reporting the flaw.

“An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server,” VMware said in an advisory.

As the main cloud infrastructure management platform, VMware Cloud Director (formerly vCloud Director) is used by many well-known cloud providers to operate and manage their cloud infrastructures. Half a million VMware customers use the software to operate the world’s complex digital infrastructure.

The vulnerability could, in other words, end up allowing attackers to gain access to sensitive data and take over private clouds within an entire infrastructure.

Affected versions include 10.1.x, 10.2.x, and 10.3.x, with fixes available in versions 10.1.4.1, 10.2.2.3, and 10.3.3. The company has also published workarounds that can be followed when upgrading to a recommended version is not an option.

The patches arrive a day after exploits for another recently fixed critical flaw in VMware Workspace ONE Access were detected in the wild.
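The version ranges above, turned into a patch-level triage helper for an inventory of Cloud Director servers. This is an added example, not code from VMware or from this article; the host names and inventory are constructed, and it assumes each version is a plain dotted release number with no build number appended.

```python
import re

# Fixed release per affected branch, as listed in the article.
FIXED_IN = {
    (10, 1): (10, 1, 4, 1),
    (10, 2): (10, 2, 2, 3),
    (10, 3): (10, 3, 3),
}

def parse_version(text):
    """Turn '10.2.2.3' into (10, 2, 2, 3); reject anything else."""
    text = text.strip()
    # Assumption: a plain release number, with no build number appended.
    if not re.fullmatch(r"\d+(\.\d+)+", text):
        raise ValueError(f"not a dotted release number: {text!r}")
    return tuple(int(part) for part in text.split("."))

def classify(version_text):
    """Return 'affected', 'fixed' or 'not-listed' for one release number."""
    version = parse_version(version_text)
    fix = FIXED_IN.get(version[:2])
    if fix is None:
        # Branch not mentioned in the article: report it, do not assume safe.
        return "not-listed"
    width = max(len(version), len(fix))
    pad = lambda v: v + (0,) * (width - len(v))  # 10.3.3 == 10.3.3.0
    return "affected" if pad(version) < pad(fix) else "fixed"

def triage(inventory):
    """Group host names by status; unparseable versions get their own bucket."""
    report = {"affected": [], "fixed": [], "not-listed": [], "unparsed": []}
    for host, version_text in inventory.items():
        try:
            report[classify(version_text)].append(host)
        except ValueError:
            report["unparsed"].append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}

# Constructed sample inventory (hypothetical host names and versions).
SAMPLE_INVENTORY = {
    "vcd-a.example.internal": "10.1.3",
    "vcd-c.example.internal": "10.3.2.1",
    "vcd-d.example.internal": "10.3.3",
    "vcd-e.example.internal": "9.7.0.5",
    "vcd-f.example.internal": "10.2.x",
}

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```

Hosts in the `not-listed` and `unparsed` buckets need a manual check against the vendor advisory, since the article only covers the three 10.x branches.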

The flaw (CVE-2022-22954) relates to a remote code execution vulnerability that stems from server-side template injection in VMware Workspace ONE Access and Identity Manager.

With VMware products often becoming a lucrative target for threat actors, the update adds to the urgency for organizations to apply necessary mitigations to prevent potential threats.


Some sections of this write-up are sourced from:
thehackernews.com
