A critical vulnerability in the VMware Carbon Black Cloud Workload appliance could be exploited to bypass authentication and take control of vulnerable systems.
Tracked as CVE-2021-21982, the flaw is rated 9.1 out of a maximum of 10 in the CVSS scoring system and affects all versions of the product prior to 1.0.1.
Carbon Black Cloud Workload is a data center security product from VMware that aims to protect critical servers and workloads hosted on vSphere, the company's cloud-computing virtualization platform.
“A URL on the administrative interface of the VMware Carbon Black Cloud Workload appliance can be manipulated to bypass authentication,” VMware said in its advisory, thereby allowing an adversary with network access to the interface to gain access to the administration API of the appliance.
Armed with that access, a malicious actor can then view and alter administrative configuration settings, the company added.
In addition to releasing a fix for CVE-2021-21982, VMware has also addressed two separate bugs in its vRealize Operations Manager solution that an attacker with network access to the API could exploit to carry out Server Side Request Forgery (SSRF) attacks to steal administrative credentials (CVE-2021-21975) and to write files to arbitrary locations on the underlying Photon operating system (CVE-2021-21983).
The product is primarily designed to monitor and optimize the performance of the virtual infrastructure and to support features such as workload balancing, troubleshooting, and compliance management.
Egor Dimitrenko, a security researcher with Positive Technologies, has been credited with reporting all three flaws.
“The main risk is that administrator privileges allow attackers to exploit the second vulnerability—CVE-2021-21983 (an arbitrary file write flaw, scored 7.2), which allows executing any commands on the server,” Dimitrenko said. “The combination of two security flaws makes the situation even more dangerous, as it allows an unauthorized attacker to obtain control over the server and move laterally within the infrastructure.”
VMware has released patches for vRealize Operations Manager versions 7.0.0, 7.5.0, 8.0.1, 8.1.1, 8.2.0 and 8.3.0. The company has also published workarounds to mitigate the risks associated with the flaws in scenarios where the patch cannot be installed or is not yet available.