Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

Vmware Ransomware – Alarm Over Critical Severity Bug!

Vmware Ransomware – Alarm Over Critical Severity Bug!

VMware’s virtualisation management platform, vCenter Server, has a critical severity bug the company is urging customers to patch “as soon as possible”.

VMware patched a critical bug impacting its vCenter Server platform with a severity rating of 9.8 out of 10. The company stated the flaw could allow a remote attacker to exploit its products & take control of a company’s affected system.

Patch Systems

VMware went a step further on Tues., calling on IT security teams – already on high alert over an increase in costly & destructive ransomware attacks – to patch systems fast.

“In this era of ransomware it is safest to assume that an attacker is already inside the network somewhere, on a desktop & perhaps even in control of a user account, which is why we strongly recommend declaring an emergency change & patching as soon as possible,” wrote VMware’s Bob Plankers, Technical Marketing Architect in a Tues. post.

Critical Mass?

The vulnerability, tracked as CVE-2021-21985, impacts vCenter Server platforms, which is in widespread use & used to administer VMware’s market leading vSphere & ESXi host products.

Claire Tills, a Senior Research Engineer with Tenable wrote in a post commenting on the bug, “patching these flaws should be a top priority. Successful exploitation would allow an attacker to execute arbitrary commands on the underlying vCenter host.”

Tills note exploiting the vulnerability is trivial. All an attacker would need to do is be able to access vCenter Server over port 443, she wrote. “Even if an organisation has not exposed vCenter Server externally, attackers can still exploit this flaw once inside a network.”

Rapid 7

Kenna Security’s Director of Security Research Jerry Gamblin, however noted estimates of how many networks are vulnerable to attacks is relatively small.

“Some early research from Rapid 7 shows that only around 6K’s VCenters are exposed directly to the internet, which makes the ‘blast radius’ tiny & the initial entry point into a network unlikely with this pair of CVES,” Gamblin wrote.

Gamblin is referring to both the critical CVE-2021-21985 bug & a 2nd vulnerability reported by VMware on Tues., CVE-2021-21986. This 2nd bug has a medium CVSS severity rating of 6.5 & is tied to an authentication mechanism issue in vCenter Server plugins.

Critical Bug

Workarounds & updates are available to mitigate both flaws, according to VMware.

“The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server,” VMware’s security bulletin states for the critical (CVE-2021-21985) bug. “The affected Virtual SAN Health Check plug-in is enabled by default in all vCenter Server deployments, whether or not vSAN is being used.”

Storage Solution

VMware’s Virtual San (or vSAN) is a software-defined storage solution that typically supports hyper-converged infrastructure. The Health Check plug-in “checks to monitor the status of cluster components, diagnose issues, & troubleshoot problems,” according to a VMware description of the tool.

VMware credited the researcher identified only as “Ricter Z” of 360 Noah Lab for finding the bug.

https://www.cybernewsgroup.co.uk/virtual-conference-june-2021/

 

SHARE ARTICLE