Security News > 2021 > April > VMware patches critical vRealize Operations flaws that could lead to RCE
Two vulnerabilities recently patched by VMware in its vRealize Operations platform can be chained together to achieve unauthenticated remote code execution on the underlying operating system, Positive Technologies researchers have found.
There is no PoC currently available and no mention of the vulnerabilities being exploited in the wild.
VMware vRealize Operations vulnerabilities could lead to RCE. VMware vRealize Operations is a unified, AI-powered platform for IT operations management for private, hybrid, and multi-cloud environments.
It is available on premises and as SaaS. Both vulnerabilities are in the vRealize Operations Manager API. CVE-2021-21975 is a Server Side Request Forgery flaw that could be exploited remotely by an unauthenticated attacker to steal administrative credentials, and CVE-2021-21983 is an arbitrary file write vulnerability that could allow an authenticated remote attacker to write files to arbitrary locations on the underlying operating system.
The vulnerabilities are present in vRealize Operations Manager 7.5.0, 8.0.1, 8.0.0, 8.1.1, 8.1.0, 8.2.0, and 8.3.0, and also impact VMware Cloud Foundation versions 3.x and 4.x and vRealize Suite Lifecycle Manager v8.
Security researcher Egor Dimitrenko of Positive Technologies has been credited with discovering and reporting the vulnerabilities to VMware.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/BdXreyOvnec/
Related news
- Fortinet warns of critical RCE bug in endpoint management software (source)
- Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool (source)
- Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability (source)
- Critical RCE bug in 92,000 D-Link NAS devices now exploited in attacks (source)
- HPE Aruba Networking fixes four critical RCE flaws in ArubaOS (source)
- Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-31 | CVE-2021-21975 | Server-Side Request Forgery (SSRF) vulnerability in VMWare products Server Side Request Forgery in vRealize Operations Manager API (CVE-2021-21975) prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API can perform a Server Side Request Forgery attack to steal administrative credentials. | 5.0 |
| 2021-03-31 | CVE-2021-21983 | Unspecified vulnerability in VMWare products Arbitrary file write vulnerability in vRealize Operations Manager API (CVE-2021-21983) prior to 8.4 may allow an authenticated malicious actor with network access to the vRealize Operations Manager API can write files to arbitrary locations on the underlying photon operating system. | 8.5 |