Author: Melodie Foster

Date: 24th February 2021

 

Multiple critical remote code execution vulnerabilities were found in VMware ESXi and vSphere’s Client virtual infrastructure management platform that could have allowed attackers to take control of affected systems.

VMware said about the flaw, “A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.” VMware expanded on the exploitation of the vulnerability, “the error allows an unauthorized user to send a specially crafted request, which will later give them the opportunity to execute arbitrary commands on the server.”

If an attacker had accomplished this it would allow them to move through the corporate network and gain access to information such as system users.

A second vulnerability found stems from a Server-Side Request Forgery due to improper validation of URLs in the vCenter Server plugin.

The flaw has been given a CVSS score of 9.8 out of 10 which means it is critical. VMware have provided remediations to both flaws outlined above to be used temporarily until updates can be deployed. [1]

[1] https://thehackernews.com/2021/02/critical-rce-flaw-affects-vmware.html

 

Other resources

Cyberfort Colocation Services

Cyberfort has invested heavily in secure infrastructure, making us the perfect colocation service provider to host your mission-critical, sensitive and regulated data.
Find out more >

What can Cyberfort do for you?

Check out our factsheets for detailed information on the matrix of cybersecurity products and services we offer to protect your business.
Find out more >

Cyberfort Deep Dives

Cyberfort’s cybersecurity consultants explore issues in cyber threat intelligence, incident planning and data security. Read our whitepapers to help make decisions that benefit your business.
Find out more >