Security News > 2022 > April > Critical VMware Cloud Director Bug Could Let Hackers Takeover Entire Cloud Infrastructure

Cloud computing and virtualization technology firm VMware on Thursday rolled out an update to resolve a critical security flaw in its Cloud Director product that could be weaponized to launch remote code execution attacks.
"An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server," VMware said in an advisory.
As the leading cloud infrastructure management platform, VMware Cloud Director is used by many well-known cloud providers to operate and manage their cloud infrastructures.
Half a million VMware customers use the software to run the world's complex digital infrastructure.
The vulnerability could, in other words, end up allowing attackers to gain access to sensitive data and take over private clouds within an entire infrastructure.
The patches arrive a day after exploits for another recently fixed critical flaw in VMware Workspace ONE Access were detected in the wild.
News URL
https://thehackernews.com/2022/04/critical-vmware-cloud-director-bug.html