VMware warns admins of public exploit for vRealize RCE flaw

Trending 1 month ago
  1. Home
  2. Technology
  3. VMware warns admins of public exploit for vRealize RCE flaw

VMware

VMware warned customers connected Monday that proof-of-concept (PoC) utilization codification is now disposable for an authentication bypass flaw successful vRealize Log Insight (now known arsenic VMware Aria Operations for Logs).

"Updated VMSA to statement that VMware has confirmed that utilization codification for CVE-2023-34051 has been published," nan institution said successful an update to nan original advisory.

Tracked arsenic CVE-2023-34051, it allows unauthenticated attackers to execute codification remotely pinch guidelines permissions if definite conditions are met.

Successful exploitation hinges connected nan attacker compromising a big wrong nan targeted situation and possessing permissions to adhd an other interface aliases fixed IP address, according to Horizon3 information researchers who discovered nan bug.

Horizon3 published a method guidelines origin analysis for this information flaw connected Friday pinch further accusation connected really CVE-2023-34051 tin beryllium utilized to summation distant codification execution arsenic guidelines connected unpatched VMware appliances.

The information researchers besides released a PoC exploit and a database of indicators of discuss (IOCs) that web defenders could usage to observe exploitation attempts wrong their environments.

"This POC abuses IP reside spoofing and various Thrift RPC endpoints to execute an arbitrary record write," nan Horizon3 Attack Team said.

"The default configuration of this vulnerability writes a cron occupation to create a reverse shell. Be judge to alteration nan payload record to suit your environment.

"For this onslaught to work, an attacker must person nan aforesaid IP reside arsenic a maestro /worker node."

CVE-2023-34051PoC utilization tweet

​Bypass for a RCE utilization chain

This vulnerability is besides a bypass for an exploit concatenation of captious flaws patched by VMware successful January, enabling attackers to summation distant codification execution.

The first (CVE-2022-31706) is simply a directory traversal bug, nan 2nd (CVE-2022-31704) is simply a surgery entree power flaw, while nan third, an accusation disclosure bug (CVE-2022-31711), allows attackers to summation entree to delicate convention and exertion info,

Attackers tin concatenation these vulnerabilities (collectively tracked arsenic VMSA-2023-0001 by VMware) to inject maliciously crafted files into nan operating strategy of VMware appliances moving unpatched Aria Operations for Logs software.

When Horizon3 information researchers released a VMSA-2023-0001 PoC exploit 1 week aft nan institution pushed information updates, they explained that their RCE utilization "abuses nan various Thrift RPC endpoints to execute an arbitrary record write."

"This vulnerability is easy to utilization however, it requires nan attacker to person immoderate infrastructure setup to service malicious payloads," they said.

"Additionally, since this merchandise is improbable to beryllium exposed to nan internet, nan attacker apt has already established a foothold location other connected nan network.

However, threat actors often utilization vulnerabilities wrong antecedently compromised networks for lateral movement, making susceptible VMware appliances valuable soul targets.

In June, VMware warned customers astir another captious distant codification execution vulnerability successful VMware Aria Operations for Networks (tracked arsenic CVE-2023-20887) being exploited successful attacks.

Related Article

Russian military hackers target NATO fast reaction corps

Russian military hackers target NATO fast reaction corps

7 hours ago
23andMe updates user agreement to prevent data breach lawsuits

23andMe updates user agreement to prevent data breach lawsuits

8 hours ago
Windows 11 Notepad gets a built-in character counter, finally

Windows 11 Notepad gets a built-in character counter, finally

9 hours ago
WordPress fixes POP chain exposing websites to RCE attacks

WordPress fixes POP chain exposing websites to RCE attacks

9 hours ago
Russian pleads guilty to running crypto-exchange used by ransomware gangs

Russian pleads guilty to running crypto-exchange used by ransomware gangs

12 hours ago
UK and allies expose Russian FSB hacking group, sanction members

UK and allies expose Russian FSB hacking group, sanction members

12 hours ago

Trending

1. Brenda Lee
2. Pelicans
3. Alan Wake 2
4. Zappe
5. Hallmark
6. Copa America 2024
7. Steelers
8. Najee Harris
9. Bucks
10. Benny Blanco

Popular Article

Dell XPS 15 is still at its Black Friday and Cyber Monday price

Dell XPS 15 is still at its Black Friday and Cyber Monday price

19 hours ago
Belgian man charged with smuggling sanctioned military tech to Russia and China

Belgian man charged with smuggling sanctioned military tech to Russia and China

22 hours ago
Microsoft's code name for 64-bit Windows was also a dig at rival Sun

Microsoft's code name for 64-bit Windows was also a dig at rival Sun

20 hours ago
Accelerating software delivery while keeping a close check

Accelerating software delivery while keeping a close check

19 hours ago
GitLab admits IT ineptitude in finance reporting is ongoing

GitLab admits IT ineptitude in finance reporting is ongoing

18 hours ago
3 best DC movies to watch on Netflix in December

3 best DC movies to watch on Netflix in December

15 hours ago
English (US) English (US) · Indonesian (ID) Indonesian (ID) ·
About Us · Contact Us · Terms & Conditions · Disclaimer ·

©2023 PAK MEDIA BLOG.
All Rights Reserved.