Patch This Remote Code Execution Vulnerability In VMWare vCenter Now
Source: https://mytechdecisions.com/
VMWare is urging users to apply a patch to address two critical vulnerabilities in VMware vCenter and VMware Cloud Foundation to fix remote code execution and authentication vulnerabilities.
According to the company’s advisory, multiple vulnerabilities in the vSphere Client were privately reported to VMware, including a remote code execution vulnerability in the vSphere Client due to a lack of input validation in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server.
“VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8,” the company said in its advisory.
The company also published a blog post on the vulnerabilities, saying users of vCenter Server versions 6.5, 6.7 and 7.0 need to apply the updates immediately.
“These updates fix a critical security vulnerability, and it needs to be considered at once. Organizations that practice change management using the ITIL definitions of change types would consider this an “emergency change.” All environments are different, have different tolerance for risk, and have different security controls & defense-in-depth to mitigate risk, so the decision on how to proceed is up to you. However, given the severity, we strongly recommend that you act.”
With access to port 443, a malicious actor can exploit the vulnerability to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server, VMware said.
According to the company’s blog post, the remote code execution vulnerability in the vSAN plugin – which ships as part of vCenter Server – can be used by anyone who can reach vCenter Server over the network to gain access, regardless of whether vSAN is actually in use.
A second vulnerability in the vSphere Client could allow a malicious actor with access to port 443 on vCenter Server to perform actions allowed by the impacted plug-ins without authentication.
The update also improves the vCenter Server plugin framework to better enforce plugin authentication. This could cause some third-party plugins to stop working, VMware says.
If your IT department can’t patch right away and doesn’t use vSAN, there are workarounds for disabling the affected plugins. That involves editing a text file on the VCSA and restarting services.
However, the company cautions against putting off the patch – especially as ransomware attacks increase.
“In this era of ransomware it is safest to assume that an attacker is already inside the network somewhere, on a desktop and perhaps even in control of a user account, which is why we strongly recommend declaring an emergency change and patching as soon as possible.”