VMware Has Fixed a Vulnerability Discovered by Positive Technologies


Positive Technologies expert Egor Dimitrenko discovered a high-severity vulnerability in the VMware vSphere Replication data replication tool. This solution makes it possible to create copies of virtual machines and start them if the primary virtual machine fails. The flaw allowed an attacker with access to the vSphere Replication administrator web interface to execute arbitrary code on the server with maximum privileges and then move laterally through the network to take control of the corporate infrastructure.


The security flaw was assigned CVE-2021-21976 and a CVSS v3 base score of 7.2.


"Vulnerabilities that allow this kind of attack (Command Injection) are quite common in administration products," explains Egor Dimitrenko. "Typically, such errors are caused by insufficient validation of user input, which subsequently ends up in the context of invoking system commands. Mechanisms for preventing such attacks are usually built into developer tools, protecting against the possibility of making mistakes when writing code. However, anomalies still arise in the code, for example when a new feature is hastily introduced or as a result of fixing an existing problem with hotfixes. To exploit a vulnerability found in a VMware product, an attacker needs credentials, which can be obtained through the use of weak passwords or through social engineering attacks."
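The bug class described in the quote, user input reaching a system-command invocation without validation, is easiest to see side by side with its fix. The following is an added illustration written for this page; it is not code from VMware vSphere Replication, does not reproduce CVE-2021-21976, and the host-name allowlist, the `echo` stand-in for a real administrative command and the attacker string are all constructed.

```python
"""Command injection: the vulnerable pattern beside a hardened version.
Hypothetical illustration only (not VMware code, not CVE-2021-21976).
`echo` stands in for a real administrative command so it runs harmlessly."""
import re
import subprocess

# Assumed allowlist for the kind of value an admin form might accept (a host
# name): letters, digits, dots and hyphens only. Shell metacharacters such as
# ';', '|', '`' and '$' are therefore rejected before any command is built.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$")

# Constructed attacker input: terminates the intended command and appends
# another one that the shell will happily run.
MALICIOUS_HOST = "replica-01; echo INJECTED"
BENIGN_HOST = "replica-01.example.net"


def run_vulnerable(host: str) -> str:
    """Vulnerable: user input is pasted into a command string that a shell
    parses, so ';' ends the intended command and starts the attacker's."""
    proc = subprocess.run(f"echo {host}", shell=True, capture_output=True, text=True)
    return proc.stdout


def run_argv_only(host: str) -> str:
    """Partially hardened: no shell is involved, so the whole input is one
    argument and the metacharacters are inert. There is still no validation,
    so the invoked program itself may misinterpret the value."""
    proc = subprocess.run(["echo", host], capture_output=True, text=True)
    return proc.stdout


def run_hardened(host: str) -> str:
    """Hardened: validate against an allowlist first, then pass the value as a
    discrete argv element with shell=False."""
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError(f"rejected host name: {host!r}")
    proc = subprocess.run(["echo", host], capture_output=True, text=True, check=True)
    return proc.stdout.strip()


def hardened_rejects(host: str) -> bool:
    """True if the hardened path refuses the value before running anything."""
    try:
        run_hardened(host)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable:", run_vulnerable(MALICIOUS_HOST).splitlines())  # ['replica-01', 'INJECTED']
    print("argv only :", run_argv_only(MALICIOUS_HOST).splitlines())   # ['replica-01; echo INJECTED']
    print("hardened  :", "rejected" if hardened_rejects(MALICIOUS_HOST) else "accepted")
    print("hardened  :", run_hardened(BENIGN_HOST))
```

The argv-only variant shows that dropping `shell=True` alone already defeats the `;` trick, but the allowlist is what keeps hostile values from reaching the target program at all; both layers together are the usual recommendation.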


To eliminate the vulnerability, follow the recommendations in VMware's official advisory. If the update cannot be installed, signs of compromise can still be detected with a SIEM-class system, which helps to identify suspicious behaviour on the server, register an incident and promptly stop the attackers' advance through the corporate network (this is how the MaxPatrol SIEM system works, for example).
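One shape such server-side detection can take is correlating process-creation telemetry: a shell spawned by the administrative web server process, followed shortly by a remote-access tool, is the footprint of exactly the code execution and pivot the article describes. The example below is added for this page and is not a MaxPatrol SIEM rule or VMware logging; the JSON event schema, the web server binary path, the tool list, the time window and the five sample events are all constructed.

```python
"""SIEM-style correlation over constructed process-creation events: alert
when the admin web server spawns a shell, escalate when a remote-access tool
follows within a short window. Added illustration; schema, paths, window and
events are assumptions, not vSphere Replication or MaxPatrol SIEM artefacts."""
import json
from datetime import datetime, timedelta

# Assumed: the administrative web interface runs from this binary and has no
# legitimate reason to launch an interactive shell interpreter.
WEB_SERVER_IMAGES = {"/opt/webadmin/server"}
SHELLS = {"/bin/sh", "/bin/bash", "/bin/dash"}
LATERAL_TOOLS = {"/usr/bin/ssh", "/usr/bin/nc", "/usr/bin/curl", "/usr/bin/smbclient"}
WINDOW = timedelta(minutes=5)

# Constructed telemetry (JSON lines), not real appliance logs. Event 2 is the
# injected payload running as a shell, event 4 the pivot attempt; event 1 is a
# benign helper call and event 5 a legitimate admin login that must not alert.
SAMPLE_EVENTS = """\
{"ts": "2021-02-24T10:00:01Z", "host": "vr-appliance", "user": "root", "parent_image": "/opt/webadmin/server", "image": "/usr/bin/hostname", "cmdline": "hostname -f"}
{"ts": "2021-02-24T10:02:13Z", "host": "vr-appliance", "user": "root", "parent_image": "/opt/webadmin/server", "image": "/bin/sh", "cmdline": "sh -c 'id > /tmp/pwned'"}
{"ts": "2021-02-24T10:02:14Z", "host": "vr-appliance", "user": "root", "parent_image": "/bin/sh", "image": "/usr/bin/id", "cmdline": "id"}
{"ts": "2021-02-24T10:04:40Z", "host": "vr-appliance", "user": "root", "parent_image": "/bin/sh", "image": "/usr/bin/ssh", "cmdline": "ssh root@vcenter.corp.example"}
{"ts": "2021-02-24T10:30:00Z", "host": "vr-appliance", "user": "root", "parent_image": "/usr/sbin/sshd", "image": "/bin/bash", "cmdline": "-bash"}
"""


def parse_events(text):
    """Parse JSON-lines telemetry into dicts with a datetime 'ts', oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def correlate(text):
    """Return alerts (rule, severity, host, ts, cmdline) for the event stream."""
    alerts = []
    last_web_shell = {}  # host -> time of the most recent web-server-spawned shell
    for ev in parse_events(text):
        if ev["parent_image"] in WEB_SERVER_IMAGES and ev["image"] in SHELLS:
            # Rule 1: the web server process itself launched a shell.
            last_web_shell[ev["host"]] = ev["ts"]
            alerts.append({"rule": "web_server_spawned_shell", "severity": "high",
                           "host": ev["host"], "ts": ev["ts"], "cmdline": ev["cmdline"]})
        elif ev["image"] in LATERAL_TOOLS and ev["parent_image"] in SHELLS:
            # Rule 2: a remote-access tool from a shell, shortly after rule 1 fired
            # on the same host. Without the preceding shell alert this stays quiet,
            # since admins do run ssh and curl from their own shells.
            since = last_web_shell.get(ev["host"])
            if since is not None and ev["ts"] - since <= WINDOW:
                alerts.append({"rule": "lateral_movement_after_web_shell", "severity": "critical",
                               "host": ev["host"], "ts": ev["ts"], "cmdline": ev["cmdline"]})
    return alerts


if __name__ == "__main__":
    for a in correlate(SAMPLE_EVENTS):
        print(a["ts"].isoformat(), a["severity"].upper(), a["rule"], "|", a["cmdline"])
```

Keying on the parent process rather than the account matters here: the article says the attacker gains maximum privileges, so on such an appliance the web service and a legitimate administrator may both be root, and only the lineage tells them apart.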


In September 2020, Positive Technologies specialists discovered vulnerabilities of the same class (allowing command injection) in PAN-OS, the operating system used by Palo Alto Networks' next-generation firewalls (NGFW).
