Security News > 2020 > June > Critical VMware Cloud Director Flaw Lets Hackers Take Over Corporate Servers
Cybersecurity researchers today disclosed details for a new vulnerability in VMware's Cloud Director platform that could potentially allow an attacker to gain access to sensitive information and control private clouds within an entire infrastructure.
VMware Cloud Director is a popular deployment, automation, and management software that's used to operate and manage cloud resources, allowing businesses to data centers distributed across different geographical locations into virtual data centers.
The vulnerability impacts VMware Cloud Director versions 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4.
Modify the system database to access foreign virtual machines assigned to different organizations within Cloud Director.
"In general, cloud infrastructure is considered relatively safe because different security layers are being implemented within its core, such as encryption, isolating of network traffic, or customer segmentations. However, security vulnerabilities can be found in any type of application, including the Cloud providers themselves," Tomas Zatko, CEO of Citadelo, said.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/1LPKw-7UuUE/vmware-cloud-director-exploit.html
Related news
- Broadcom fixes critical RCE bug in VMware vCenter Server (source)
- VMware patches remote make-me-root holes in vCenter Server, Cloud Foundation (source)
- Critical VMware vCenter Server bugs fixed (CVE-2024-38812) (source)
- Week in review: Critical VMware vCenter Server bugs fixed, Apple releases iOS 18 (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE (source)
- Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution (source)
- Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks (source)