
VMware, Inc. is a software and services multinational corporation based in Palo Alto, California. The company designs various products for virtualisation, networking, security management, software-defined data centres, and storage.

In recent years, VMware has been criticised for multiple security vulnerabilities in its products. In July 2020, a critical vulnerability was discovered in the vCenter Server, allowing an unauthenticated attacker to control the server entirely. The company released a patch for this issue within days.

However, in August 2022, another critical vulnerability was found in the vCenter Server. This time, the vulnerability could allow an attacker to fully control the server without needing authentication. In response, VMware released an updated security advisory (VMSA-2022-0021). According to the advisory, network operators must install the most up-to-date patch to protect against the Java Database Connectivity (JDBC) Injection Remote Code Execution Vulnerability (CVE-2022-31665).

Three months earlier, VMware released two security advisories regarding various product vulnerabilities in April and May 2022. A malicious actor could exploit these vulnerabilities to trigger a server-side template injection, resulting in remote code execution (CVE-2022-22954); escalate privileges to ‘root’ (CVE-2022-22960 and CVE– 202221273); or obtain administrative access without needing authentication 3(VEAOCCE92).

“These two critical vulnerabilities should serve as a reminder that even well-patched systems can be at risk of attack,” says IT Pro Portal.

Additionally, the Australian Cyber Security Centre (ACSC) has seen nefarious actors trying to take advantage of a remote code execution (RCE) flaw in VMware products (CVE-2022-22955). In April 2022, VMware issued a security advisory warning of these flaws. If an RCE vulnerability is exploited, a malefactor may remotely install malware or seize control of the device.

The ACSC urges system administrators to take action and apply the relevant patches to their systems.

“By taking these steps, you will be protecting your organisation from a range of serious threats,” the Australian Cyber Security Centre said.

These multiple security vulnerabilities in VMware’s products should remind system administrators that even well-patched systems can be at risk of attack. It is imperative to take action and apply the relevant patches to systems to protect against potential threats.
