
Log4Shell Vulnerability Targeted in VMware Servers to Exfiltrate Data
2022-06-28 11:57

The Cybersecurity and Infrastructure Security Agency and Coast Guard Cyber Command released a joint advisory warning that the Log4Shell flaw is being abused by threat actors who are compromising public-facing VMware Horizon and Unified Access Gateway servers.

VMware Horizon is a platform used by administrators to run and deliver virtual desktops and apps in the hybrid cloud, while UAG provides secure access to the resources residing inside a network.

CGCYBER conducted a proactive threat-hunting engagement at an organization that was compromised by threat actors who exploited Log4Shell in VMware Horizon.

The attackers initially gained access to the victim's production environment by exploiting Log4Shell in unpatched VMware Horizon servers.

Further analysis revealed that attackers with access to the organization's test and production environments leveraged CVE-2022-22954, an RCE flaw in VMware Workspace ONE Access and Identity Manager.

Organizations are advised to implement best practices for identity and access management by introducing multifactor authentication, enforcing strong passwords, and limiting user access.


News URL

https://threatpost.com/log4shell-targeted-vmware-data/180072/

Related Vulnerability

DATE: 2022-04-11
CVE: CVE-2022-22954
VULNERABILITY TITLE: Code Injection vulnerability in VMware products
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection.
network, low complexity, vmware, CWE-94
RISK: critical, 9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 146 11 222 256 102 591