
CISA warns of critical VMware RCE flaw exploited in attacks
2023-03-10 17:25

CISA has added a critical severity vulnerability in VMware's Cloud Foundation to its catalog of security flaws exploited in the wild.

The flaw was found in the XStream open-source library used by vulnerable VMware products and has been assigned an almost maximum severity score of 9.8/10 by VMware.

"Due to an unauthenticated endpoint that leverages XStream for input serialization in VMware Cloud Foundation, a malicious actor can get remote code execution in the context of 'root' on the appliance," VMware explains.

VMware released security updates to address the CVE-2021-39144 flaw reported by Sina Kheirkhah of MDSec and Steven Seeley of Source Incite on October 25th. Because of the severity of the issue, VMware also issued patches for some end-of-life products.
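The root cause VMware describes is XStream turning attacker-controlled XML into arbitrary Java objects on an unauthenticated endpoint. Independent of VMware's patches, the standard application-level hardening for XStream is a default-deny type allowlist via its security framework; the following is an added example, not code from VMware or the article, and StatusReport, the sample XML and the off-list HashMap input are constructed for illustration.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class XStreamAllowlistDemo {

    // Hypothetical message type the endpoint is meant to receive (constructed).
    public static class StatusReport {
        public String host;
        public int uptimeSeconds;
    }

    // XStream instance that refuses every type except those explicitly allowed.
    public static XStream hardenedXStream() {
        XStream xstream = new XStream();
        xstream.addPermission(NoTypePermission.NONE);              // default deny
        xstream.addPermission(NullPermission.NULL);                // allow null values
        xstream.addPermission(PrimitiveTypePermission.PRIMITIVES); // int, boolean, ...
        xstream.allowTypes(new Class[]{String.class, StatusReport.class});
        xstream.alias("statusReport", StatusReport.class);
        return xstream;
    }

    public static void main(String[] args) {
        XStream xstream = hardenedXStream();

        // Constructed benign input: the only shape the endpoint should accept.
        String benign = "<statusReport><host>node-1</host>"
                + "<uptimeSeconds>42</uptimeSeconds></statusReport>";
        StatusReport r = (StatusReport) xstream.fromXML(benign);
        System.out.println("accepted: " + r.host + " up " + r.uptimeSeconds + "s");

        // Constructed input naming a type outside the allowlist. With default deny
        // XStream rejects it before instantiating anything, so the document never
        // gets to choose which classes are created.
        String offList = "<java.util.HashMap/>";
        try {
            xstream.fromXML(offList);
            System.out.println("unexpected: off-list type was deserialized");
        } catch (ForbiddenClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Without the addPermission/allowTypes calls, an XStream instance will resolve whatever class name the XML supplies, which is the condition the vulnerability depends on.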

CISA's decision to include the CVE-2021-39144 vulnerability in its Known Exploited Vulnerabilities catalog follows confirmation from VMware that the bug is being exploited in the wild.

With the flaw's addition to the KEV catalog, CISA has ordered U.S. federal agencies to secure their systems within three weeks, by March 31st, against attacks that might target their networks.

News URL

https://www.bleepingcomputer.com/news/security/cisa-warns-of-critical-vmware-rce-flaw-exploited-in-attacks/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
--- | --- | --- | ---
2021-08-23 | CVE-2021-39144 | Deserialization of Untrusted Data vulnerability in multiple products (XStream is a simple library to serialize objects to XML and back again.) | 8.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 146 11 222 256 102 591