The Hacker News, THN:4640BEB83FE3611B6867B05878F52F0D
Apr 07, 2021 - 8:03 a.m.

Critical Auth Bypass Bug Found in VMware Data Center Security Product

Source: thehackernews.com

CVSS3: 9.1 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS2: 8.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:S/C:N/I:C/A:C

A critical vulnerability in the VMware Carbon Black Cloud Workload appliance could be exploited to bypass authentication and take control of vulnerable systems.

Tracked as CVE-2021-21982, the flaw is rated 9.1 out of a maximum of 10 in the CVSS scoring system and affects all versions of the product prior to 1.0.1.

Carbon Black Cloud Workload is a data center security product from VMware that aims to protect critical servers and workloads hosted on vSphere, the company’s cloud-computing virtualization platform.

“A URL on the administrative interface of the VMware Carbon Black Cloud Workload appliance can be manipulated to bypass authentication,” VMware said in its advisory, thereby allowing an adversary with network access to the interface to gain access to the administration API of the appliance.

Armed with the access, a malicious actor can then view and alter administrative configuration settings, the company added.

In addition to releasing a fix for CVE-2021-21982, VMware has also addressed two separate bugs in its vRealize Operations Manager solution. An attacker with network access to the API could exploit them to carry out Server-Side Request Forgery (SSRF) attacks to steal administrative credentials (CVE-2021-21975) and to write files to arbitrary locations on the underlying Photon operating system (CVE-2021-21983).

The product is primarily designed to monitor and optimize the performance of the virtual infrastructure and support features such as workload balancing, troubleshooting, and compliance management.

Egor Dimitrenko, a security researcher with Positive Technologies, has been credited with reporting all three flaws.

“The main risk is that administrator privileges allow attackers to exploit the second vulnerability—CVE-2021-21983 (an arbitrary file write flaw, scored 7.2), which allows executing any commands on the server,” Dimitrenko said. “The combination of two security flaws makes the situation even more dangerous, as it allows an unauthorized attacker to obtain control over the server and move laterally within the infrastructure.”

VMware has released patches for vRealize Operations Manager versions 7.0.0, 7.5.0, 8.0.1, 8.1.1, 8.2.0 and 8.3.0. The company has also published workarounds to mitigate the risks associated with the flaws in scenarios where the patch cannot be installed or is not available.
