Researchers to release VMware vRealize Log RCE exploit, patch now
Security researchers with Horizon3's Attack Team will release an exploit next week that targets a vulnerability chain to gain remote code execution on unpatched VMware vRealize Log Insight appliances.
Now known as VMware Aria Operations for Logs, vRealize Log Insight makes it easier for VMware admins to analyze and manage terabytes of infrastructure and application logs.
On Tuesday, VMware patched four security vulnerabilities in this log analysis tool, two of which are critical and allow attackers to execute code remotely without authentication.
On Thursday, Horizon3's Attack Team warned VMware admins that they've been able to create an exploit that chains three of the four flaws patched by VMware this week to execute code remotely as root.
All vulnerabilities are exploitable in the default configuration of VMware vRealize Log Insight appliances.
In May 2022, Horizon3 released another exploit for CVE-2022-22972, a critical authentication bypass vulnerability affecting multiple VMware products and allowing threat actors to gain admin privileges.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-20 | CVE-2022-22972 | Unspecified vulnerability in VMware products: VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. | 9.8 |