In response to VMware published details of two newly disclosed vulnerabilities in VMware vRealize Operations, expert commented below.
Experts Comments
Dot Your Expert Comments
Only for registered and approved experts. Please register before providing comments. Register here
Researchers have disclosed a pair of vulnerabilities in VMware’s vRealize Operations (vROPs). The most severe flaw, CVE-2021-21975, is a server-side request forgery (SSRF) vulnerability in the vROPs Manager API. An unauthenticated, remote attacker could exploit this vulnerability by sending a specially crafted request to the vulnerable vROPs Manager API endpoint. Successful exploitation would result in the attacker obtaining administrative credentials.
VMware also patched CVE-2021-21983, an
.....Read MoreResearchers have disclosed a pair of vulnerabilities in VMware’s vRealize Operations (vROPs). The most severe flaw, CVE-2021-21975, is a server-side request forgery (SSRF) vulnerability in the vROPs Manager API. An unauthenticated, remote attacker could exploit this vulnerability by sending a specially crafted request to the vulnerable vROPs Manager API endpoint. Successful exploitation would result in the attacker obtaining administrative credentials.
VMware also patched CVE-2021-21983, an arbitrary file write vulnerability in the VROPs Manager API, which can be used to write files to the underlying operating system. This vulnerability is post-authentication, meaning an attacker needs to be authenticated with administrative credentials in order to exploit this flaw.
While on their own, these vulnerabilities may not seem as severe as CVE-2021-21972, a remote code execution vulnerability in VMware’s vCenter Server that was patched in February. However, if attackers chain both CVE-2021-21975 and CVE-2021-21983 together, they could also gain remote code execution privileges.
VMware has provided patches for both flaws across vROPs Manager versions 7.5.0 through 8.3.0. They’ve also provided a temporary workaround to prevent attackers from exploiting these flaws. The workaround should only be used as a temporary stop-gap until organizations are able to plan for applying the patches.
Read LessLinkedin Message
@Satnam Narang, Senior Research Engineer, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"his vulnerability is post-authentication, meaning an attacker needs to be authenticated with administrative credentials in order to exploit this flaw...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/chained-vulnerabilities-in-vmware-vrealize-operations-could-lead-to-unauthenticated-remote-code-execution
Facebook Message
@Satnam Narang, Senior Research Engineer, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"his vulnerability is post-authentication, meaning an attacker needs to be authenticated with administrative credentials in order to exploit this flaw...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/chained-vulnerabilities-in-vmware-vrealize-operations-could-lead-to-unauthenticated-remote-code-execution