VMware has fixed an authentication bypass vulnerability in data center security software with a patch. The security update should be installed as soon as possible.
VMware Carbon Black Cloud Workload is Linux data center security software designed to protect workloads running in virtualized environments. VMware has now fixed a critical vulnerability in the VMware Carbon Black Cloud Workload appliance that could allow attackers to bypass authentication after exploiting vulnerable servers. I had already caught it via a subsequent tweet from Bleeping Computer and their article here.
Two vulnerabilities in VMware vRealize
VMware has also published security advisory VMSA-2021-0004 on two newly disclosed vulnerabilities in VMware vRealize Operations. Security expert Satnam Narang of Tenable comments:
Security analysts have uncovered several vulnerabilities in VMware's vRealize Operations (vROPs). The most serious vulnerability, CVE-2021-21975, is a server-side request forgery (SSRF) vulnerability in the vROPs Manager API. An unauthenticated, remote attacker could exploit this vulnerability by sending a specially crafted request to the vulnerable vROPs Manager API endpoint. If successfully exploited, the attacker would obtain administrative credentials.
VMware has also patched CVE-2021-21983, an arbitrary file write vulnerability in the vROPs Manager API that can be used to write files to the underlying operating system. This vulnerability occurs after authentication, meaning an attacker must authenticate with administrative credentials to exploit this vulnerability.
On their own, these vulnerabilities do not appear to be as severe as CVE-2021-21972, a remote code execution vulnerability in VMware's vCenter Server that was patched in February. However, if attackers chained both CVE-2021-21975 and CVE-2021-21983 together, they could also gain remote code execution privileges.
VMware has provided patches for both vulnerabilities in vROPs Manager versions 7.5.0 through 8.3.0. A temporary workaround has also been provided to prevent attackers from exploiting these vulnerabilities. The workaround should only be used as a temporary stopgap until organizations are able to schedule the application of the patches.