Hackers Can Compromise VMware vCenter Server Via Newly Patched Flaw (April 2020)
VMware has patched a critical vulnerability that can be exploited to compromise vCenter Server or other services that rely on the Directory Service for authentication.
The weakness impacts vCenter Server 6.7 on Windows and virtual appliances, and it has been patched with the 6.7u3f update.
The company noted that vCenter Server is affected only if the installation was upgraded from a previous version; the product is not impacted if the user directly installed version 6.7.
"Under certain conditions vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller, does not correctly implement access controls," VMware said in its advisory.
"A malicious actor with network access to an affected vmdir deployment may be able to extract highly sensitive information which could be used to compromise vCenter Server or other services which are dependent upon vmdir for authentication," the company added.