VMware Vulnerabilities
Positive Technologies expert Egor Dimitrenko has discovered two vulnerabilities in VMware vRealize Operations (vROps). vROps monitors and optimizes the performance of virtual infrastructure and eliminates flaws in it.
The first and most dangerous vulnerability was detected in the vROps API. By exploiting this flaw, any unauthorized attacker can steal administrative credentials and gain access to the application with maximum privileges. This access allows the attacker to change the application configuration and intercept any data within the app.
The main risk is that administrator privileges allow attackers to exploit the second vulnerability, which allows execution of arbitrary commands on the server. The combination of the two security flaws makes the situation even more dangerous, as it allows an unauthorized attacker to take control of the server and move laterally within the infrastructure.
“We are not aware that a vulnerability has been exploited in the wild, but we can say with certainty that such severe vulnerabilities are often used in attacks on companies’ infrastructure,” Dimitrenko said. “The use of software assumes not only its initial setup, but also permanent and continuous service. If the vendor releases an update that includes a security fix, organizations should apply it in a timely manner. Also, don’t dismiss the additional protective measures, such as implementing SIEM systems in your infrastructure. If a company becomes a victim of an attack with zero-day vulnerabilities that are not publicly available and a vendor can’t provide a timely patch, protective software will stop the further lateral movement of attackers in the system.”