VMware has released updates to fix four vulnerabilities in its vRealize Log Insight product. Two of the flaws are critical: a directory traversal vulnerability and a broken access control vulnerability. Both could be exploited to achieve remote code execution. The other fixed flaws are a deserialization vulnerability that could be exploited to create denial of service conditions, and an information disclosure vulnerability.
Note
- There are a lot of software components to the VMware infrastructure. Kinda like SolarWinds, VMware has a high market share in data centers, and those VMware software components are installed with access at the heart of business networks. This means VMware is an obvious high leverage/high priority target for very sophisticated attackers, just as Solar Winds was. This particular log management software vulnerability by itself may not rate as top priority but use VMware’s CVSS score of 9.8 to drive a check on patch levels on all VMware installs.
- The VMware vRealize issue is yet another string of issues plaguing VMWare. While it may not be as popular as vCenter, it is considered core infrastructure in many companies. Most of these items stay unpatched for years. Patch your VMware kit. When doing Red Team assessments on internal networks, we often find ways into VMware backends as they are often unpatched.
- Deploy the updated version of vRealize Log Insight. Yes, there is a workaround, and it makes tasks like adding nodes to clusters more manual. Read and understand the entire workaround before moving forward, which will likely take more time than patching.
Read more in
