

VMware Vulnerability (9.8/10 Severity)
VMware Vulnerability (9.8/10 Severity) #1
VMware is currently vulnerable to remote code execution, specific to vCenter.

Quote: A VMware vulnerability with a severity rating of 9.8 out of 10 is under active exploitation. At least one reliable exploit has gone public, and there have been successful attempts in the wild to compromise servers that run the vulnerable software.

The vulnerability, tracked as CVE-2021-21985, resides in the vCenter Server, a tool for managing virtualization in large data centers. A VMware advisory published last week said vCenter machines using default configurations have a bug that, in many networks, allows for the execution of malicious code when the machines are reachable on a port that is exposed to the Internet.

Read More: https://arstechnica.com/gadgets/2021/06/...out-of-10/

RE: VMware Vulnerability (9.8/10 Severity) #2
That's a high degree of severity.

It clearly shows that virtualization platforms are well and truly exploitable.

RE: VMware Vulnerability (9.8/10 Severity) #3
In fact there is a RAT, FreakOut, which I would like to get a copy of.


RE: VMware Vulnerability (9.8/10 Severity) #4
(06-05-2021, 03:52 AM)mothered Wrote: That's a high degree of severity.

It clearly shows that virtualization platforms are well and truly exploitable.

Sometimes people also place false confidence in virtualization, with the intent of preventing exploitation of the host. While vCenter is used for more scalable operations, it's definitely a mess.

RE: VMware Vulnerability (9.8/10 Severity) #5
(06-06-2021, 05:39 PM)Dismas Wrote: Sometimes people also place false confidence in virtualization, with the intent of preventing exploitation of the host.
Absolutely.

Given it's connected and communicating with the host, so too can a well-crafted piece of malware.

RE: VMware Vulnerability (9.8/10 Severity) #6
Well, it concerns vCenter Server only; most people aren't vulnerable. Fortunately most exploits aren't critical to the common user, plus most of them are on VMware; I believe people often use VirtualBox.
Using virtualization to "prevent exploitation of the host" is still quite safe (but never 100% safe obviously) for a standard user.


RE: VMware Vulnerability (9.8/10 Severity) #7
(06-07-2021, 12:31 PM)fritz Wrote: Well, it concerns vCenter Server only; most people aren't vulnerable. Fortunately most exploits aren't critical to the common user, plus most of them are on VMware; I believe people often use VirtualBox.
Using virtualization to "prevent exploitation of the host" is still quite safe (but never 100% safe obviously) for a standard user.

That's the only saving grace, really. Standard users will not be using vCenter, so poor life decisions will have no impact.