Chained Vulnerabilities in VMware vRealize Operations Could Lead to Unauthenticated Remote Code Execution

After VMware published details of two newly disclosed vulnerabilities in VMware vRealize Operations, an expert commented below.

Satnam Narang, Senior Research Engineer
InfoSec Expert
March 31, 2021 1:25 pm

Researchers have disclosed a pair of vulnerabilities in VMware’s vRealize Operations (vROPs). The most severe flaw, CVE-2021-21975, is a server-side request forgery (SSRF) vulnerability in the vROPs Manager API. An unauthenticated, remote attacker could exploit this vulnerability by sending a specially crafted request to the vulnerable vROPs Manager API endpoint. Successful exploitation would result in the attacker obtaining administrative credentials.

VMware also patched CVE-2021-21983, an arbitrary file write vulnerability in the vROPs Manager API, which can be used to write files to the underlying operating system. This vulnerability is post-authentication, meaning an attacker needs to be authenticated with administrative credentials in order to exploit this flaw.

On their own, these vulnerabilities may not seem as severe as CVE-2021-21972, a remote code execution vulnerability in VMware’s vCenter Server that was patched in February. However, if attackers chain both CVE-2021-21975 and CVE-2021-21983 together, they could also gain remote code execution privileges.

VMware has provided patches for both flaws across vROPs Manager versions 7.5.0 through 8.3.0. They’ve also provided a temporary workaround to prevent attackers from exploiting these flaws. The workaround should only be used as a temporary stop-gap until organizations are able to plan for applying the patches.
