Security News > 2022 > June > Log4Shell Vulnerability Targeted in VMware Servers to Exfiltrate Data
The Cybersecurity and Infrastructure Security Agency and Coast Guard Cyber Command released a joint advisory warning the Log4Shell flaw is being abused by threat actors that are compromising public-facing VMware Horizon and Unified Access Gateway servers.
The VMware Horizon is a platform used by administrators to run and deliver virtual desktops and apps in the hybrid cloud, while UAG provides secure access to the resources residing inside a network.
The CGCYBER conducts a proactive threat hunting engagement at an organization that was compromised by the threat actors who exploited Log4Shell in VMware Horizon.
The attackers initially gain access to the victim's production environment, by exploiting Log4Shell in unpatched VMware Horizon servers.
Further analysis revealed that attackers with access to the organization test and production environment leveraged CVE-2022-22954, an RCE flaw in VMware workspace ONE access and Identity manager.
Organizations are advised to implement best practices for identity and access management by introducing multifactor authentication, enforcing strong passwords, and limited user access.
News URL
https://threatpost.com/log4shell-targeted-vmware-data/180072/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-11 | CVE-2022-22954 | Code Injection vulnerability in VMWare products VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. | 9.8 |