VMware Issues Urgent Warning About Critical File Upload Vulnerability in vCenter Server

On September 22, 2021, VMware released a bulletin detailing up to 19 vulnerabilities in vCenter Server and Cloud Foundation appliances that could be exploited by remote attackers to gain control of affected systems. The most pressing concern is an arbitrary file upload vulnerability in the Analytics service (CVE-2021-22005), which affects vCenter Server versions 6.7 and 7.0. According to VMware, “A malicious actor with network access to port 443 on vCenter Server could exploit this issue to execute code by uploading a specially crafted file.” The company emphasized that this vulnerability is accessible to anyone who can reach vCenter Server over the network, irrespective of its configuration settings. While VMware has provided temporary workarounds for this issue, they caution that these measures are intended only as a stopgap until proper updates can be deployed.

VMware Issues Urgent Advisory on Critical File Upload Vulnerability in vCenter Server

On September 22, 2021, VMware issued a critical alert highlighting the discovery of 19 vulnerabilities within its vCenter Server and Cloud Foundation appliances. These vulnerabilities pose significant risks, allowing remote attackers the potential to gain control over affected systems. The most pressing concern is an arbitrary file upload vulnerability identified in the Analytics service, assigned CVE-2021-22005, which affects both vCenter Server 6.7 and 7.0.

According to VMware, this vulnerability allows an attacker with network access to port 443 on the vCenter Server to execute malicious code by uploading a specially crafted file. The company emphasized that this flaw can be exploited by anyone with network access to vCenter Server, irrespective of the system’s configuration settings. This broad accessibility raises serious concerns for organizations that rely on these systems for virtualization management.

Although VMware has provided workarounds to mitigate the risk associated with this vulnerability, these measures are intended as temporary solutions until official software updates can be rolled out. Business owners are urged to prioritize the implementation of these interim solutions while monitoring VMware’s announcements for further guidance on permanent fixes.

The implications of this vulnerability extend beyond mere technical concerns; organizations could face significant operational disruptions if targeted. With the increasingly sophisticated tactics employed by cyber adversaries, it is critical for businesses to remain vigilant. According to the MITRE ATT&CK Matrix, tactics relevant to this situation may include initial access and privilege escalation, which outline how attackers might exploit such vulnerabilities to gain entry and extend their control over systems.

As threats to cybersecurity become more pervasive, this incident serves as a stark reminder of the importance of proactive measures and timely updates in safeguarding valuable digital assets. Organizations are encouraged to assess their own environments for exposure to this vulnerability and to take defensive actions accordingly.

In light of the evolving landscape of cyber risks, business leaders must stay informed and engaged with their IT security teams to ensure that vulnerabilities like those in VMware’s offerings do not compromise their operational integrity. The necessity for robust cybersecurity practices cannot be overstated, particularly as attackers continue to refine their techniques to exploit known weaknesses.

While VMware’s advisory outlines immediate threats, it also highlights the broader challenges of maintaining secure information systems in an ever-changing digital realm. Stakeholders should remain alert and prepared to respond to incidents, fostering a culture of security awareness that extends throughout their organizations.

Source link

Related Posts

Critical Remote Code Execution Vulnerability Found in Multiple Netgear Router Models

On September 22, 2021, networking company Netgear alerted users about a critical remote code execution (RCE) vulnerability, identified as CVE-2021-40847 (CVSS score: 8.1), affecting various router models. This weakness could allow remote attackers to gain control of affected systems. Netgear has released firmware updates to address the issue for the following models:

  • R6400v2 (version 1.0.4.120)
  • R6700 (version 1.0.2.26)
  • R6700v3 (version 1.0.4.120)
  • R6900 (version 1.0.2.26)
  • R6900P (version 3.3.142_HOTFIX)
  • R7000 (version 1.0.11.128)
  • R7000P (version 1.3.3.142_HOTFIX)
  • R7850 (version 1.0.5.76)
  • R7900 (version 1.0.4.46)
  • R8000 (version 1.0.4.76)
  • RS400 (version 1.5.1.80)

Security researcher Adam Nichols from GRIMM noted that the vulnerability is linked to Circle, a third-party component integrated into the router firmware.

Critical Security Updates for Apple iOS and macOS Released to Address Actively Exploited Vulnerabilities

September 24, 2021

On Thursday, Apple launched important security updates to tackle multiple vulnerabilities in older iOS and macOS versions, which have been exploited in real-world attacks. This release also expands on previous patches for a security flaw targeted by NSO Group’s Pegasus spyware aimed at iPhone users.

Notably, CVE-2021-30869, a type confusion vulnerability within Apple’s XNU kernel, could allow malicious apps to execute arbitrary code with elevated privileges. Apple has improved state handling to mitigate this issue. Google’s Threat Analysis Group, which reported the vulnerability, noted it was being exploited alongside a remote code execution vulnerability affecting WebKit.

Additionally, Apple addressed two more vulnerabilities, CVE-2021-30858 and CVE-2021-30860, which were patched earlier this month.

Cisco Issues Patches for Three Critical Vulnerabilities in IOS XE Software

On September 24, 2021, Cisco Systems announced the release of patches to address three critical security vulnerabilities in its IOS XE network operating system. These flaws could allow remote attackers to execute arbitrary code with administrative privileges and potentially trigger a denial-of-service (DoS) condition on affected devices. The identified vulnerabilities are as follows:

  • CVE-2021-34770 (CVSS score: 10.0) – Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Remote Code Execution Vulnerability
  • CVE-2021-34727 (CVSS score: 9.8) – Cisco IOS XE SD-WAN Software Buffer Overflow Vulnerability
  • CVE-2021-1619 (CVSS score: 9.8) – Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability

The most critical issue, CVE-2021-34770, is described by Cisco as a “logic error” occurring during the processing of CAPWAP (Control and Provisioning of Wireless Access Points) packets, which allows a central wireless controller to manage access points.