Urgent Security Alert: Critical RCE Flaw Discovered in VMware vCenter Server – Immediate Patching Recommended!

May 26, 2021

VMware has issued patches to fix a severe security vulnerability in vCenter Server that could allow attackers to execute arbitrary code on the server. Identified as CVE-2021-21985 (with a CVSS score of 9.8), this vulnerability arises from insufficient input validation in the Virtual SAN (vSAN) Health Check plug-in, which is enabled by default in vCenter Server. According to VMware, “An attacker with network access to port 443 could exploit this vulnerability to run commands with unrestricted privileges on the underlying operating system hosting vCenter Server.”

VMware vCenter Server is a management tool for controlling virtual machines, ESXi hosts, and other related components from a centralized interface. The flaw impacts vCenter Server versions 6.5, 6.7, and 7.0, as well as Cloud Foundation versions 3.x and 4.x. VMware has acknowledged Ricter Z from 360 Noah Lab for reporting this critical vulnerability. The patch also addresses an authentication issue…

Critical Vulnerability Discovered in VMware vCenter Server — Urgent Patching Required

On May 26, 2021, VMware released patches for a critical vulnerability in vCenter Server. Tracked as CVE-2021-21985 and rated 9.8 on the CVSS scale, the flaw stems from insufficient input validation in the Virtual SAN (vSAN) Health Check plug-in. That plug-in is enabled by default in vCenter Server installations whether or not vSAN is actually in use, so deployments that never touched vSAN are exposed too.

According to VMware, an attacker with network access to port 443 on the vCenter Server can exploit the flaw to execute arbitrary commands with unrestricted privileges on the underlying operating system hosting vCenter Server; the 9.8 score reflects that no credentials or user interaction are required. Because vCenter Server centralizes the management of virtual machines, ESXi hosts, and related components, compromising it amounts to compromising the management plane of the whole virtual estate it controls, not just one server.

The flaw affects vCenter Server 6.5, 6.7, and 7.0, as well as Cloud Foundation 3.x and 4.x. VMware credited Ricter Z of 360 Noah Lab with reporting the vulnerability.

Organizations running affected products should apply the available patches as soon as possible. Until that is done, an unpatched vCenter Server that is reachable on port 443 from an untrusted network offers an unauthenticated remote path to the management plane, so restricting network access to the management interface to an administrative network is the minimum interim step. Leaving the flaw unaddressed exposes the environment to unauthorized access, data breaches, and service disruption across every host and virtual machine the server manages.
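Turning the patching advice into a check, as an added example that is not VMware's tooling and not part of the original article: the script below takes the version and build strings each appliance reports and decides, per release branch, whether the build is at or past the first fixed one. The fixed build numbers embedded in it are my recollection of the advisory's fix table and are an assumption to verify against VMSA-2021-0010 before relying on the result; the inventory is constructed.

```python
"""Flag vCenter Server appliances still exposed to CVE-2021-21985.

Added example; not VMware's code and not from the advisory. It takes the
version and build an appliance reports and checks, per release branch,
whether the build is at or past the first fixed build on that branch.
"""
from dataclasses import dataclass

# First build carrying the fix on each vCenter release branch.
# ASSUMPTION: values recalled from VMSA-2021-0010; verify before use.
FIXED_BUILDS = {
    "7.0": 17958471,  # vCenter Server 7.0 Update 2b
    "6.7": 18010531,  # vCenter Server 6.7 Update 3n
    "6.5": 17994927,  # vCenter Server 6.5 Update 3p
}


@dataclass(frozen=True)
class Finding:
    host: str
    branch: str
    build: int
    status: str  # "patched", "vulnerable", "unsupported" or "unparsed"


def release_branch(version: str) -> str:
    """'7.0.2.00200' -> '7.0'; the first two components name the branch."""
    parts = version.split(".")
    return ".".join(parts[:2]) if len(parts) >= 2 else ""


def assess(host: str, version: str, build: str) -> Finding:
    """Classify one appliance from its version and build strings
    (assumed to be the two fields the appliance reports, e.g. "7.0.2.00200"
    and "17958471")."""
    branch = release_branch(version)
    if not branch or not build.isdigit():
        return Finding(host, branch or "?", 0, "unparsed")
    build_no = int(build)
    fixed = FIXED_BUILDS.get(branch)
    if fixed is None:
        # Branches outside the advisory's fix table (e.g. 6.0, already out
        # of general support) get no verdict here.
        return Finding(host, branch, build_no, "unsupported")
    # Build numbers only order releases *within* a branch: a 6.7 build can be
    # numerically higher than the fixed 7.0 build and still be vulnerable,
    # so always compare against the fixed build of the appliance's own branch.
    status = "patched" if build_no >= fixed else "vulnerable"
    return Finding(host, branch, build_no, status)


def assess_inventory(inventory):
    """inventory: iterable of (host, version, build) tuples."""
    return [assess(h, v, b) for h, v, b in inventory]


# Constructed sample inventory; hostnames and most builds are made up.
SAMPLE_INVENTORY = [
    ("vc-prod-01", "7.0.2.00200", "17958471"),  # the fixed 7.0 build itself
    ("vc-prod-02", "7.0.2.00100", "17920168"),  # earlier 7.0 build
    ("vc-lab-01",  "6.7.0.49000", "17990000"),  # above 7.0 fix, below 6.7 fix
    ("vc-lab-02",  "6.5.0.37000", "17994927"),
    ("vc-old-01",  "6.0.0.30000", "12345678"),
    ("vc-broken",  "",            "n/a"),
]

if __name__ == "__main__":
    for f in assess_inventory(SAMPLE_INVENTORY):
        print(f"{f.host:12} {f.branch:4} build {f.build:<9} {f.status}")
```

The point the sample inventory makes is the branch-aware comparison: `vc-lab-01` carries a build number higher than the fixed 7.0 build, yet it is a 6.7 appliance below the 6.7 fix and is correctly reported as vulnerable. A global "build >= N" rule would miss it.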

From a detection standpoint, the attack path maps onto the MITRE ATT&CK framework as follows. Reconnaissance comes first: scanning for vCenter instances that expose port 443. Initial Access is then gained through Exploit Public-Facing Application (T1190) against the vSAN Health Check plug-in. Because the flaw already yields command execution with unrestricted privileges on the appliance, no separate privilege-escalation step is needed; an adversary can move straight to establishing persistence on the vCenter Server and, from there, reach the ESXi hosts and virtual machines it manages, which makes containment far harder than for a single compromised host.

As businesses increasingly rely on virtualized environments, understanding and mitigating vulnerabilities in the management layer is paramount. This flaw is not exotic: it is an unauthenticated, network-reachable bug in a default-enabled plug-in of widely deployed enterprise software, which is exactly the kind of weakness that gets exploited quickly once an advisory is public.

In summary, VMware's prompt disclosure and patch reinforce the need for ongoing vigilance. Organizations should keep vCenter Server on a patched, supported release, keep its management interface off untrusted networks, and treat the server as one of the most sensitive systems in the environment, since whoever controls it controls every virtual machine beneath it.
