Hackers Can Compromise VMware vCenter Server Via Newly Patched Flaw (Security News, April 2020)
VMware has patched a critical vulnerability that can be exploited to compromise vCenter Server or other services that rely on the Directory Service for authentication.
The weakness impacts vCenter Server 6.7 on Windows and virtual appliances, and it has been patched with the 6.7u3f update.
The company noted that vCenter Server is affected only if the installation was upgraded from a previous version; the product is not impacted if the user directly installed version 6.7.
"Under certain conditions vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller, does not correctly implement access controls," VMware said in its advisory.
"A malicious actor with network access to an affected vmdir deployment may be able to extract highly sensitive information which could be used to compromise vCenter Server or other services which are dependent upon vmdir for authentication," the company added.