IT Security Guru

VMware urges customers to patch critical vulnerabilities in vRealize Operations platform

Two highly rated security issues that interact with each other inherently increase the severity of the issue

by Sabina
March 31, 2021
in News

Cloud computing and virtualisation software and services provider VMware has patched a serious vulnerability that could have allowed an attacker to steal admin credentials in vRealize Operations.

In an advisory published on Tuesday, the company stated that “multiple vulnerabilities in VMware vRealize Operations were privately reported to VMware.” In the same announcement, VMware said that patches and workarounds are now available to address these vulnerabilities in impacted products and warned customers that the issues were evaluated to be of “Important” severity.

CVE-2021-21975 would allow a malicious actor with network access to the vRealize Operations Manager API to perform a Server Side Request Forgery attack to steal administrative credentials.

CVE-2021-21983 could allow an authenticated malicious actor with network access to the vRealize Operations Manager API to write files to arbitrary locations on the underlying Photon operating system.

Security professionals provided the following advice on these security issues:

Michael Barragry, operations lead at Edgescan: 

A prerequisite for these vulnerabilities is network access to the vRealize Operations Manager API. This illustrates how a layered, defense-in-depth strategy can help mitigate unforeseen vulnerabilities – in this case restricting access to the API could make the difference between being exploited or not.

APIs can often prove to be a bit of a blind spot for organisations, as various endpoints are often spun up as part of out-of-the-box deployments. These can be missed, or just forgotten about over time. Maintaining an accurate picture of all exposed infrastructure and services is critical to minimize risk of attack.

Lewis Jones, threat intelligence analyst at Talion:

The successful exploit of these vulnerabilities could allow an attacker remote access without user interaction to steal administrative credentials. This comes just months after Russian hackers reportedly exploited a VMware bug to plant web shells inside hacked networks and pivot to Microsoft ADFS servers from where they steal sensitive data.

Users of VMware are advised to apply the security updates swiftly, but VMware has provided a workaround for users unable to do so. To work around this issue, you will have to remove a configuration line from the casa-security-context.xml file and restart the CaSA service on the affected device.

Vulnerabilities are routinely exploited by threat attackers. Exploitation of vulnerabilities often requires fewer resources as compared with zero-day exploits for which no patches are available. As highlighted by the recent Microsoft Exchange attacks, once a vulnerability is publicly disclosed threat attackers quickly switch attack method to exploit the vulnerability before patches are applied. This emphasizes the importance of swift action by organisations, who should quickly follow the recommended actions and implement the security updates.

Stephen Kapp, CTO and CISO at Cortex Insight:

The highlighted issues within the fixes released by VMware show the importance of understanding vulnerability interactions and the concept of vulnerability chaining. Understanding vulnerability interactions within an environment is important; in this VMware instance both issues are rated by VMware as ‘Important’ and both have a ‘High’ banded CVSS rated score. Individually this would be enough for most organisations to have the updates applied quickly, although details are sparse within the released information so gaining an understanding of the issue interactions is key to making an informed decision to prioritise remediation measures.

Two highly rated security issues that interact in a way that could improve the effectiveness of the other inherently increase the severity of the issue and thus warrant a more timely remediation response. But this can be said of lower severity issues; combining issues to improve the effectiveness is nothing new, but so many organisations fail to account for these interactions in their remediation efforts.
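
The point above about accounting for vulnerability interactions during remediation, and the earlier point about restricting API access, as an added example that is not part of the original article or any vendor tooling: a triage helper that raises the priority of findings on one asset when one finding supplies a precondition of another. The capability names, the asset names, the placeholder finding and the one-band bump policy are assumptions made for illustration.

```python
from dataclasses import dataclass

BANDS = ["Low", "Medium", "High", "Critical"]

@dataclass(frozen=True)
class Finding:
    cve: str
    asset: str
    band: str             # severity band as published
    requires: frozenset   # capabilities the attacker needs beforehand
    grants: frozenset     # capabilities gained if exploitation succeeds

def chained_pairs(findings, start):
    """Pairs (a, b) on one asset where b only becomes reachable through a."""
    start, pairs = frozenset(start), []
    for a in findings:
        if not a.requires <= start:
            continue  # the first step must be reachable as things stand
        for b in findings:
            if b is a or b.asset != a.asset or b.requires <= start:
                continue
            if b.requires <= start | a.grants:
                pairs.append((a.cve, b.cve))
    return pairs

def effective_bands(findings, start):
    """Assumed policy: chained findings move one band above the chain's highest."""
    bands = {f.cve: f.band for f in findings}
    for a, b in chained_pairs(findings, start):
        top = max(BANDS.index(bands[a]), BANDS.index(bands[b]))
        bands[a] = bands[b] = BANDS[min(top + 1, len(BANDS) - 1)]
    return bands

# Constructed sample. Capabilities are modelled from the article's descriptions;
# treating stolen admin credentials as "authenticated" is an assumption.
SAMPLE = [
    Finding("CVE-2021-21975", "vrops-01", "High",
            frozenset({"api_network_access"}),
            frozenset({"admin_credentials", "authenticated"})),
    Finding("CVE-2021-21983", "vrops-01", "High",
            frozenset({"api_network_access", "authenticated"}),
            frozenset({"arbitrary_file_write"})),
    Finding("CVE-PLACEHOLDER-0001", "other-host", "Medium",   # constructed
            frozenset({"authenticated"}), frozenset({"config_read"})),
]

if __name__ == "__main__":
    for exposure in ({"api_network_access"}, set()):
        print(sorted(exposure), effective_bands(SAMPLE, exposure))
```

Running it with an empty starting capability set models an environment where the API is not reachable by the attacker: no chain forms and the published bands are left as they are.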
