News

VMware Developers Fixed Serious Vulnerability In vSphere Replication

Positive Technologies expert Egor Dimitrenko discovered a high severity vulnerability in VMware vSphere Replication data replication tool. This solution allows creating backups of virtual machines and start them in case of failure of the main virtual machine.

The found error allowed attackers that had access to the VMware vSphere Replication admin web interface to execute arbitrary code on the server with maximum privileges and begin moving inside the network to take control of the corporate infrastructure.

“vSphere Replication contains a post-authentication command injection vulnerability in “Startup Configuration” page. VMware has evaluated this issue to be ‘Important’ severity. A malicious actor with administrative access in vSphere Replication can execute shell commands on the underlying system. Successful exploitation of this issue may allow authenticated admin user to perform a remote code execution”, — say VMware representatives in the official vulnerability notice.

The issue is identified as CVE-2021-21976 and is rated 7.2 out of 10 on the CVSS v3.

According to expert Yegor Dimitrienko, vulnerabilities that allow performing this kind of attack (command injection) are quite common in administration products.

“Typically, such errors are caused by insufficient validation of user input, which subsequently ends up in the context of invoking system commands. Mechanisms for preventing such attacks are usually built into developer tools, protecting against the possibility of making mistakes when writing code. However, there are still anomalies in the code, for example while introducing new functionality or fixing an existing problem with hotfixes”, – explains Yegor Dimitrenko.

To exploit a vulnerability found in a VMware product, an attacker would need credentials that could be obtained through weak passwords or social engineering attacks.

To eliminate the vulnerability, experts advise to follow the recommendations from the official notice from VMware.

Let me remind you that we have already talked about the vulnerabilities in VMware products. For example, we recently reported that Vulnerabilities in VMWare ESXi are exploited to encrypt virtual disks. And even earlier that VMware patches 0-day vulnerability discovered by NSA.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Recent Posts

Held Virus Removal Guide (+Decrypt .held files)

Held Virus Ransomware Held is a harmful software application working as common ransomware. Michael Gillespie,…

22 hours ago

Remove Netsmediashub pop-up ads (Virus Removal Guide)

Netsmediashub.com is a domain that tries to force you into clik to its browser notifications…

2 days ago

Remove News-bhexusa.xyz pop-up ads (Virus Removal Guide)

News-bhexusa.xyz is a domain that tries to trick you into clik to its browser notifications…

3 days ago

Remove News-bhupotu.xyz pop-up ads (Virus Removal Guide)

News-bhupotu.xyz is a domain that tries to trick you into subscribing to its browser notifications…

3 days ago

Remove News-bhocime.info pop-up ads (Virus Removal Guide)

News-bhocime.info is a site that tries to trick you into subscribing to its browser notifications…

3 days ago

Remove You-hub.online pop-up ads (Virus Removal Guide)

You-hub.online is a site that tries to force you into clik to its browser notifications…

3 days ago