Security News > 2023 > January > Exploit released for critical VMware vRealize RCE vulnerability
Horizon3 security researchers have released proof-of-concept code for a VMware vRealize Log Insight vulnerability chain that allows attackers to gain remote code execution on unpatched appliances.
Earlier today, Horizon3 published the PoC exploit and explained that the RCE exploit "Abuses the various Thrift RPC endpoints to achieve an arbitrary file write."
Although there are no public reports of attacks leveraging this exploit chain and no attempts to exploit it in the wild, resourceful and motivated threat actors will likely move quickly to adopt Horizon3's RCE exploit or create their own custom versions.
Last year, Horizon3 researchers also released an exploit for CVE-2022-22972, a critical authentication bypass security flaw affecting multiple VMware products and allowing a malicious actor to gain admin privileges on unpatched instances.
Researchers to release VMware vRealize Log RCE exploit, patch now.
Exploit released for critical ManageEngine RCE bug, patch now.
News URL
Related news
- Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool (source)
- PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153) (source)
- Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability (source)
- Exploit available for new critical TeamCity auth bypass bug, patch now (source)
- VMware fixes critical sandbox escape flaws in ESXi, Workstation, and Fusion (source)
- VMware patches critical flaws in ESXi, Workstation, Fusion and Cloud Foundation (source)
- Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability (source)
- Fortinet warns of critical RCE bug in endpoint management software (source)
- Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788) (source)
- Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-20 | CVE-2022-22972 | Unspecified vulnerability in VMWare products VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. | 9.8 |