Unpatched Vulnerabilities in VMware Products May Lead to Enterprise Infrastructure Hijacking

Vulnerabilities in VMware's widely deployed enterprise products are an attractive target for attackers: a single exploitable flaw in a virtualization or cloud-management layer can give an intruder a foothold inside a corporate network, as was seen with the Echbot malware. Recently, VMware released patches for its cloud management products to close such an opening.

VMware Cloud Director vulnerability

The security flaw identified in VMware Cloud Director could be used by an attacker with a valid account to take over the private clouds the platform manages.
  • This week, VMware patched a vulnerability rated 'Important' in VMware Cloud Director (formerly vCloud Director), its cloud service-delivery platform.
  • The bug, tracked as CVE-2020-3956, is a code injection flaw: an authenticated user can send malicious input to Cloud Director that is evaluated server-side and leads to arbitrary remote code execution. In a multi-tenant deployment that means a low-privileged tenant account is enough to reach the provider's infrastructure and take over the private clouds it hosts.
  • The bug was discovered in April by the penetration testing firm Citadelo and reported to VMware, which released patched versions of the software and issued a security advisory covering the affected release lines.

Other recent patches

VMware has been actively patching vulnerabilities across its enterprise products.
  • Recently, VMware published workarounds for two critical vulnerabilities in the SaltStack "Salt" framework (CVE-2020-11651, an authentication bypass in the salt-master, and CVE-2020-11652, a directory traversal), which directly affect VMware's vRealize Operations Manager because its Application Remote Collector bundles Salt.
  • In March 2019, VMware released security updates for vCloud Director, alongside updates for ESXi, Workstation and Fusion. The vCloud Director flaw (CVE-2019-5523) could allow a remote attacker to hijack sessions on the Tenant and Provider portals of vCloud Director 9.5.x.

Staying protected

As an essential security best practice, keep software patched with the latest updates released by the vendor, and verify that each installed build is at or above the fixed version named in the advisory for its release line rather than assuming a recent install is safe. An automated patch-deployment pipeline, fed by an accurate inventory of installed versions, helps keep the IT infrastructure current. Where a patch cannot be applied immediately, apply the vendor's published workarounds, as VMware did for the Salt flaws, until the update can be rolled out.
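The version check described above is easy to get wrong in two ways: comparing version strings lexicographically ("9.7.0.10" sorts below "9.7.0.5"), and comparing across release lines (10.0.0.1 is numerically above 9.7.0.5 but still below the fix for its own line). The following is an added example written for this article, not VMware's or Citadelo's code, that does a branch-aware check of an inventory of VMware Cloud Director builds against the fixed builds for CVE-2020-3956. The fixed-build table is taken from VMware's advisory for that CVE (VMSA-2020-0010) and should be re-checked against the advisory before use; the hostnames and versions in the sample inventory are constructed.

```python
# Added example: branch-aware check of installed VMware Cloud Director builds
# against the first fixed build on each release line for CVE-2020-3956.
# Illustrative code for this article, not VMware's or Citadelo's. The table
# below reflects VMware's advisory for CVE-2020-3956 (VMSA-2020-0010); verify
# it against the advisory before relying on it, and extend it for other CVEs.
from typing import Dict, Tuple

Version = Tuple[int, ...]

# First fixed build on each affected release line, keyed by (major, minor).
FIXED_BUILDS: Dict[Tuple[int, int], Version] = {
    (9, 1): (9, 1, 0, 4),
    (9, 5): (9, 5, 0, 6),
    (9, 7): (9, 7, 0, 5),
    (10, 0): (10, 0, 0, 2),
}


def parse_version(text: str) -> Version:
    """Turn '9.7.0.5' into (9, 7, 0, 5).

    Numeric tuples compare component by component. Comparing the raw strings
    would be wrong: '9.7.0.10' < '9.7.0.5' lexicographically.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def _pad(v: Version, width: int) -> Version:
    # Treat '10.0' as '10.0.0.0' so shorter strings compare sensibly.
    return v + (0,) * (width - len(v))


def assess(version: str) -> str:
    """Classify one installed build: 'fixed', 'vulnerable' or 'not_listed'.

    The comparison is per release line: 10.0.0.1 is numerically above 9.7.0.5
    but below the fix for the 10.0 line, so it is vulnerable. Lines absent from
    the table (e.g. 10.1.x) are reported as 'not_listed' rather than guessed;
    consult the advisory for those.
    """
    v = parse_version(version)
    line = (v[0], v[1]) if len(v) >= 2 else (v[0], 0)
    fixed = FIXED_BUILDS.get(line)
    if fixed is None:
        return "not_listed"
    width = max(len(v), len(fixed))
    return "fixed" if _pad(v, width) >= _pad(fixed, width) else "vulnerable"


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map hostname -> status for a {hostname: version} inventory."""
    return {host: assess(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory (hostnames and versions are made up).
    sample = {
        "vcd-prod-01": "9.7.0.4",   # below the fix for the 9.7 line
        "vcd-prod-02": "9.7.0.10",  # above the fix; string compare gets this wrong
        "vcd-lab-01": "10.0.0.1",   # above 9.7.0.5 but below its own line's fix
        "vcd-lab-02": "10.1.0",     # not in the table; consult the advisory
    }
    for host, status in triage(sample).items():
        print(f"{host}: {sample[host]} -> {status}")
```

The same structure works for any vendor that ships fixes per release line: keep one table per advisory, and never collapse it into a single "minimum version" number, since that would wrongly mark a lower line's patched build as fixed or a higher line's unpatched build as safe.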