Positive Technologies Finds Dangerous Vulnerability in VMware vRealize Cloud Tool
This vulnerability is ranked as critical because a cybercriminal could take full control of the server.
May 17, 2021
Positive Technologies has uncovered a dangerous vulnerability in VMware vRealize Business for Cloud, and is asking organizations to install fixes ASAP.
VMware designed vRealize Business for Cloud for cloud cost analysis. It helps organizations visualize and plan expenses and compare business indicators. VMware patched the flaw and published a security advisory.
Egor Dimitrenko is a Positive Technologies researcher. He discovered the vulnerability and said it’s ranked as critical. That’s because it allows an unauthenticated criminal to take full control of the server and attack the organization’s infrastructure.
“That’s why it is very important to install the fixes provided by the vendor asap,” he said.
Due to the incorrect configuration of the application, an unidentified attacker could gain access to the built-in update mechanism, Dimitrenko said. This function allows them to execute arbitrary commands on the server by exploiting the legitimate mechanism for installing new versions of the product.
Insufficient testing of new functionality at the time of release caused the flaws, he said.
More Severe than Previous VMware Vulnerability
“This vulnerability is more severe than our finding in VMware vSphere Replication,” Dimitrenko said. “That’s because no permission is required to perform an attack for the latest flaw. But VMware vRealize Business for Cloud isn’t found as frequently on the internet as VMware vCenter. We previously discovered a vulnerability affecting this product that would allow attackers to execute arbitrary commands, compromise the vCenter Server, and gain access to sensitive data.”
To fix the vulnerability, businesses should follow the recommendations from VMware’s official notice. If organizations can’t install the update, they can detect signs of penetration with a security information and event management (SIEM) solution.
SIEM helps identify suspicious behavior on the server and register an incident. It also prevents intruders from moving laterally within the corporate network.
Earlier this month, Positive Technologies identified new vulnerabilities in Cisco firewalls that could cause denial of service and block access to corporate networks. The two vulnerabilities are in the Adaptive Security Appliance and Firepower Threat Defense within Cisco hardware firewalls. Cisco has patched both.