VMware vCenter deployments under attack as enterprises urged to update systems

Attackers are actively exploiting a critical vulnerability in VMware vCenter Server that exposes vulnerable enterprise networks to the risk of infiltration.

The arbitrary file upload flaw (CVE-2021-22005) – one of a raft of vCenter vulnerabilities addressed by software updates released on September 21 – can be abused regardless of configuration settings, says VMware.

The situation was serious enough to prompt the US Cybersecurity and Infrastructure Security Agency (CISA) to warn on Friday (September 24) that “widespread exploitation” was likely after RCE exploits surfaced online.

On the same day, threat intelligence firm Bad Packets reported that it had indeed detected “mass scanning activity” against its VMware honeypots. VMware updated its security advisory on the same day to acknowledge that in-the-wild exploitation had been detected.

CISA has urged organizations with vulnerable installations to update their systems as soon as possible and apply a temporary workaround provided by VMware in the meantime.

Post-intrusion threat

As reported by The Daily Swig last week, VMware released patches for 19 CVEs in total, with high-severity local privilege escalation (CVE-2021-21991), reverse proxy bypass (CVE-2021-22006), and unauthenticated API endpoint (CVE-2021-22011) vulnerabilities the most severe.

These lower-impact flaws – ranging from CVSS 4.3 to 8.8 – could be leveraged to damaging effect once attackers get inside networks, VMware has warned.

“Attackers often compromise a desktop and/or user account on the corporate network, and then patiently and quietly use that to break into other systems over long periods of time,” the Palo Alto-based company said in a blog post.

“They steal confidential data, intellectual property, and at the end install ransomware and extort payments from their victims.”

The critical flaw, which has a CVSS score of 9.8, affects vCenter Server versions 6.7 and 7.0 and Cloud Foundation versions 3.x and 4.x. Other flaws also affect vCenter Server 6.5.

Prime target

Infosec expert Kevin Beaumont praised VMware’s handling of the vulnerabilities last week, tweeting that “VMware do an incredible job nowadays of communicating high severity security vulnerabilities”.

However, VMware’s popularity among enterprises, many of which can be slow to update their systems, makes its server virtualization technologies compelling targets for attackers.

In June, for instance, The Daily Swig reported that around 4,000 vCenter Server instances were still vulnerable to a pair of critical security flaws in vSphere Client (HTML5) three weeks after their disclosure.

And in February, it emerged that more than 6,000 vCenter installations were potentially at risk as attackers probed systems for the presence of another critical RCE vulnerability.

The Daily Swig has invited VMware to comment further, and we will update the article should they do so.

Source: https://portswigger.net/daily-swig/vmware-vcenter-deployments-under-attack-as-enterprises-urged-to-update-systems
