
VMware Fixes Critical Bugs that Can Be Chained Together to Gain RCE


VMware, the virtualization giant, has released two advisories addressing three critical vulnerabilities in multiple products. The VMSA-2021-0004 advisory fixes CVE-2021-21975 and CVE-2021-21983, which can be chained together to gain remote code execution (RCE) on the affected system. The other advisory, VMSA-2021-0005, addresses CVE-2021-21982. Egor Dimitrenko of Positive Technologies discovered the vulnerabilities and reported them to VMware.

The affected products include the widely used VMware Carbon Black Cloud Workload appliance and VMware vRealize Operations. The VMware Carbon Black Cloud Workload appliance is Linux data center security software built to defend workloads running in virtualized environments. VMware vRealize Operations provides self-driving IT operations management for private, hybrid, and multi-cloud environments.


Server Side Request Forgery in vRealize Operations Manager API

The issue is tracked as CVE-2021-21975. VMware issued a patch on Tuesday for the SSRF flaw, which has been assigned a CVSS score of 8.6 and is rated as “Important” severity. The issue is in the vRealize Operations Manager API, and it could be used to abuse the functionality of the server. A remote unauthenticated attacker can exploit the flaw by sending a specially crafted request to a vulnerable vROps Manager API endpoint.

Successful exploitation of the flaw allows an attacker to perform a Server Side Request Forgery attack to steal administrative credentials.


Arbitrary file write vulnerability in vRealize Operations Manager API

The issue is tracked as CVE-2021-21983. The arbitrary file write vulnerability has been assigned a CVSS score of 7.2 and is rated as “Important” severity. This is a post-authentication flaw, which means an attacker needs to be authenticated with administrative credentials and have network access to exploit the bug.

Successful exploitation of the flaw allows an attacker to write files to arbitrary locations on the underlying Photon operating system.


Authentication bypass vulnerability in Carbon Black Cloud Workload appliance

The issue is tracked as CVE-2021-21982. This flaw has been assigned a maximum CVSS score of 9.1 and is rated as “Critical” severity. The authentication bypass flaw can be exploited by an attacker with network access to the administrative interface of the VMware Carbon Black Cloud Workload appliance. Malicious actors can exploit the flaw by manipulating an administrative interface URL to obtain valid authentication tokens.

Successful exploitation of the flaw allows an attacker to view and alter administrative configuration settings.


Affected Products

  • VMware vRealize Operations
  • VMware Cloud Foundation
  • VMware vRealize Suite Lifecycle Manager
  • VMware Carbon Black Cloud Workload appliance

Impact

Exploiting these vulnerabilities allows an attacker to access administrative credentials, view and alter administrative configuration settings, and write files to arbitrary locations.


Solution

The vendor has released patches for the vulnerabilities. The advisories can be found below:

We recommend installing the necessary updates as soon as possible to stay protected.
