CMS Magento developers prepared a patch that fixes a 10-point RCE vulnerability in the e-commerce…
“vSphere Replication contains a post-authentication command injection vulnerability in “Startup Configuration” page. VMware has evaluated this issue to be ‘Important’ severity. A malicious actor with administrative access in vSphere Replication can execute shell commands on the underlying system. Successful exploitation of this issue may allow authenticated admin user to perform a remote code execution”, — say VMware representatives in the official vulnerability notice.
The issue is identified as CVE-2021-21976 and is rated 7.2 out of 10 on the CVSS v3.
According to expert Yegor Dimitrienko, vulnerabilities that allow performing this kind of attack (command injection) are quite common in administration products.
“Typically, such errors are caused by insufficient validation of user input, which subsequently ends up in the context of invoking system commands. Mechanisms for preventing such attacks are usually built into developer tools, protecting against the possibility of making mistakes when writing code. However, there are still anomalies in the code, for example while introducing new functionality or fixing an existing problem with hotfixes”, – explains Yegor Dimitrenko.
To exploit a vulnerability found in a VMware product, an attacker would need credentials that could be obtained through weak passwords or social engineering attacks.
To eliminate the vulnerability, experts advise to follow the recommendations from the official notice from VMware.
Let me remind you that we have already talked about the vulnerabilities in VMware products. For example, we recently reported that Vulnerabilities in VMWare ESXi are exploited to encrypt virtual disks. And even earlier that VMware patches 0-day vulnerability discovered by NSA.
Held Virus Ransomware Held is a harmful software application working as common ransomware. Michael Gillespie,…
Netsmediashub.com is a domain that tries to force you into clik to its browser notifications…
News-bhexusa.xyz is a domain that tries to trick you into clik to its browser notifications…
News-bhupotu.xyz is a domain that tries to trick you into subscribing to its browser notifications…
News-bhocime.info is a site that tries to trick you into subscribing to its browser notifications…
You-hub.online is a site that tries to force you into clik to its browser notifications…