Security News > 2021 > April > VMware patches critical vRealize Operations flaws that could lead to RCE
Two vulnerabilities recently patched by VMware in its vRealize Operations platform can be chained together to achieve unauthenticated remote code execution on the underlying operating system, Positive Technologies researchers have found.
There is no PoC currently available and no mention of the vulnerabilities being exploited in the wild.
VMware vRealize Operations vulnerabilities could lead to RCE. VMware vRealize Operations is a unified, AI-powered platform for IT operations management for private, hybrid, and multi-cloud environments.
It is available on premises and as SaaS. Both vulnerabilities are in the vRealize Operations Manager API. CVE-2021-21975 is a Server Side Request Forgery flaw that could be exploited remotely by an unauthenticated attacker to steal administrative credentials, and CVE-2021-21983 is an arbitrary file write vulnerability that could allow an authenticated remote attacker to write files to arbitrary locations on the underlying operating system.
The vulnerabilities are present in vRealize Operations Manager 7.5.0, 8.0.1, 8.0.0, 8.1.1, 8.1.0, 8.2.0, and 8.3.0, and also impact VMware Cloud Foundation versions 3.x and 4.x and vRealize Suite Lifecycle Manager v8.
Security researcher Egor Dimitrenko of Positive Technologies has been credited with discovering and reporting the vulnerabilities to VMware.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/BdXreyOvnec/
Related news
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- HPE warns of critical RCE flaws in Aruba Networking access points (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- Veeam warns of critical RCE bug in Service Provider Console (source)
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-31 | CVE-2021-21975 | Server-Side Request Forgery (SSRF) vulnerability in VMWare products Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials. | 7.5 |
2021-03-31 | CVE-2021-21983 | Unspecified vulnerability in VMWare products Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system. | 6.5 |