Researchers to release VMware vRealize Log RCE exploit, patch now
Security researchers with Horizon3's Attack Team will release an exploit next week that targets a vulnerability chain to gain remote code execution on unpatched VMware vRealize Log Insight appliances.
Now known as VMware Aria Operations for Logs, vRealize Log Insight makes it easier for VMware admins to analyze and manage terabytes of infrastructure and application logs.
On Tuesday, VMware patched four security vulnerabilities in this log analysis tool, two of which are critical and allow attackers to execute code remotely without authentication.
On Thursday, Horizon3's Attack Team warned VMware admins that they've been able to create an exploit that chains three of the four flaws patched by VMware this week to execute code remotely as root.
All vulnerabilities are exploitable in the default configuration of VMware vRealize Log Insight appliances.
In May 2022, Horizon3 released another exploit for CVE-2022-22972, a critical authentication bypass vulnerability affecting multiple VMware products and allowing threat actors to gain admin privileges.
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-20 | CVE-2022-22972 | Unspecified vulnerability in VMware products. VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. | 9.8 |