Chained Vulnerabilities in VMware vRealize Operations Could Lead to Unauthenticated Remote Code Execution

In response to VMware published details of two newly disclosed vulnerabilities in VMware vRealize Operations, expert commented below.

Experts Comments

March 31, 2021
Satnam Narang
Senior Research Engineer
Tenable

Researchers have disclosed a pair of vulnerabilities in VMware’s vRealize Operations (vROPs). The most severe flaw, CVE-2021-21975, is a server-side request forgery (SSRF) vulnerability in the vROPs Manager API. An unauthenticated, remote attacker could exploit this vulnerability by sending a specially crafted request to the vulnerable vROPs Manager API endpoint. Successful exploitation would result in the attacker obtaining administrative credentials. 

 

VMware also patched CVE-2021-21983, an

.....Read More

Researchers have disclosed a pair of vulnerabilities in VMware’s vRealize Operations (vROPs). The most severe flaw, CVE-2021-21975, is a server-side request forgery (SSRF) vulnerability in the vROPs Manager API. An unauthenticated, remote attacker could exploit this vulnerability by sending a specially crafted request to the vulnerable vROPs Manager API endpoint. Successful exploitation would result in the attacker obtaining administrative credentials. 

 

VMware also patched CVE-2021-21983, an arbitrary file write vulnerability in the VROPs Manager API, which can be used to write files to the underlying operating system. This vulnerability is post-authentication, meaning an attacker needs to be authenticated with administrative credentials in order to exploit this flaw.

 

While on their own, these vulnerabilities may not seem as severe as CVE-2021-21972, a remote code execution vulnerability in VMware’s vCenter Server that was patched in February. However, if attackers chain both CVE-2021-21975 and CVE-2021-21983 together, they could also gain remote code execution privileges.

 

VMware has provided patches for both flaws across vROPs Manager versions 7.5.0 through 8.3.0. They’ve also provided a temporary workaround to prevent attackers from exploiting these flaws. The workaround should only be used as a temporary stop-gap until organizations are able to plan for applying the patches.

  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.