Security News > 2020 > April > Hackers Can Compromise VMware vCenter Server Via Newly Patched Flaw
VMware has patched a critical vulnerability that can be exploited to compromise vCenter Server or other services that rely on the Directory Service for authentication.
The weakness impacts vCenter Server 6.7 on Windows and virtual appliances, and it has been patched with the 6.7u3f update.
The company noted that vCenter Server is affected only if the installation was upgraded from a previous version; the product is not impacted if the user directly installed version 6.7.
"Under certain conditions vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller, does not correctly implement access controls," VMware said in its advisory.
"A malicious actor with network access to an affected vmdir deployment may be able to extract highly sensitive information which could be used to compromise vCenter Server or other services which are dependent upon vmdir for authentication," the company added.
News URL
Related news
- US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers (source)
- CISA: Hackers abuse F5 BIG-IP cookies to map internal servers (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE (source)
- North Korean hackers employ new tactics to compromise crypto-related businesses (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)