Exploit Chain for Gaining Remote Access to VMware vRealize Log Insight

Last week, VMware released patches for four vulnerabilities in its vRealize Log Insight product. If these vulnerabilities were combined, it could allow attackers to take control of the log collection and analytics platform. Security researchers have now released a proof-of-concept exploit chain, along with detailed explanations for each vulnerability, which could lead to attacks in the wild. Gaining access to the Log Insight host could give attackers access to sensitive data from other services, such as session tokens, API keys, and PII. This could allow them to pivot to other systems and further compromise the environment. The first vulnerability, CVE-2022-31704, is a broken access control issue. VMware's manual workaround script blocked access to TCP ports 16520 through 16580, which are used for communication using the Apache Thrift RPC framework. The second vulnerability, CVE-2022-31706, is a directory traversal issue. The researchers found an RPC called remotePakDownloadCommand that downloads a file with the .pak extension, and another RPC called pakUpgradeCommand that can be used to invoke a Python script that unpacks this file. The third vulnerability, CVE-2022-31711, is an information disclosure issue that can be used to leak a node token. The fourth vulnerability, CVE-2022-31710, is a deserialization issue that can be exploited to crash the system and cause a denial-of-service condition. This vulnerability is not required for the exploit chain that results in remote code execution. Log Insight is not typically exposed to the internet, but if an attacker gains access to the local network, they can exploit the vulnerabilities to gain access to sensitive data and use it for lateral movement. VMware has released a workaround script and version 8.10.2 of vRealize Log Insight, which patches the flaws.

This Cyber News was published on www.csoonline.com. Publication date: Thu, 02 Feb 2023 21:23:03 +0000

Cyber News related to Exploit Chain for Gaining Remote Access to VMware vRealize Log Insight

VMware Fixes Critical Security Bugs in vRealize Log Analysis Tool - Organizations using the VMware vRealize Log Analysis tool are being urged to update it in order to patch several recently discovered security bugs. According to a security advisory issued by VMware yesterday, the company has identified a critical ...
1 year ago Bleepingcomputer.com

Exploit Released for Critical VMware vRealize Log Insight RCE Vulnerability - Horizon3 security researchers have released proof-of-concept code for a VMware vRealize Log Insight vulnerability chain that allows attackers to gain remote code execution on unpatched appliances. VMware patched four security vulnerabilities in its ...
1 year ago Bleepingcomputer.com

Exploit Chain for Gaining Remote Access to VMware vRealize Log Insight - Last week, VMware released patches for four vulnerabilities in its vRealize Log Insight product. If these vulnerabilities were combined, it could allow attackers to take control of the log collection and analytics platform. Security researchers have ...
1 year ago Csoonline.com

VMware vRealize Log RCE Exploit Release: Horizon3s Attack Team PoC Exploit Code - Researchers from the Horizon3s Attack Team have released PoC exploit code for remote code execution in VMware vRealize Log. This code triggers a series of flaws in the product to achieve remote code execution on vulnerable installs. VMware Aria ...
1 year ago Securityaffairs.com

VMware warns admins of public exploit for vRealize RCE flaw - VMware warned customers on Monday that proof-of-concept exploit code is now available for an authentication bypass flaw in vRealize Log Insight. "Updated VMSA to note that VMware has confirmed that exploit code for CVE-2023-34051 has been published," ...
11 months ago Bleepingcomputer.com

Critical Security Vulnerability Discovered in VMware vRealize Log Insight - A critical security vulnerability has been discovered in the VMware vRealize Log Insight product that could allow a remote, unauthenticated user to gain access to the system. VMware recently released a patch for this vulnerability, CVE-2020-3957, ...
1 year ago Securityaffairs.com

Software Supply Chain Security Checklist - In the ever-evolving landscape of digital innovation, the integrity of software supply chains has become a pivotal cornerstone for organizational security. Software supply chain security is not just about protecting code - it's about safeguarding the ...
9 months ago Feeds.dzone.com

VMware fixes critical Cloud Director auth bypass unpatched for 2 weeks - VMware has fixed a critical authentication bypass vulnerability in Cloud Director appliance deployments, a bug that was left unpatched for over two weeks since it was disclosed on November 14th. Cloud Director is a VMware platform that enables admins ...
11 months ago Bleepingcomputer.com

VMWare discloses critical VCD Appliance auth bypass with no patch - VMware disclosed a critical and unpatched authentication bypass vulnerability affecting Cloud Director appliance deployments. Cloud Director enables VMware admins to manage their organizations' cloud services as part of Virtual Data Centers. The auth ...
11 months ago Bleepingcomputer.com

How to Protect Yourself Against an Incoming VRealize Log Insight RCE Exploit - Due to a recent security risk with VRealize Log Insight, users must take steps to protect themselves. A remote code execution (RCE) exploit for this software is set to launch within a week, leaving system administrators with minimal time to patch ...
1 year ago Bleepingcomputer.com

Investigation of Possible Causes of ESXiArgs Ransomware Attacks Suggests VMware is Not at Fault - Edward Hawkins, the High-Profile Product Incident Response Manager at VMware, has denied allegations that two-year-old security flaws have been used in the current ESXiArgs ransomware attacks. Over the weekend, reports surfaced about cybercriminals ...
1 year ago Hackread.com

New "MITRE ATT&CK-like" framework outlines software supply chain attack TTPs - A new open framework seeks to outline a comprehensive and actionable way for businesses and security teams to understand attacker behaviors and techniques specifically impacting the software supply chain. The Open Software Supply Chain Attack ...
1 year ago Csoonline.com

VMware fixes critical code execution flaw in vCenter Server - VMware issued security updates to fix a critical vCenter Server vulnerability that can be exploited to gain remote code execution attacks on vulnerable servers. vCenter Server is the central management hub for VMware's vSphere suite, and it helps ...
11 months ago Bleepingcomputer.com

Chinese Spies Exploited Critical VMware Bug for Nearly 2 Years - One of the most serious VMware vulnerabilities in recent memory was secretly being exploited by a Chinese advanced persistent threat for years before a patch became available. In a sign of just how severe this particular issue was, VMware went so far ...
9 months ago Darkreading.com

Chinese threat group exploited VMware vulnerability in 2021 - A critical VMware vulnerability that was patched in October was exploited in the wild two years ago by a China-nexus threat actor, according to new research from Mandiant. On Oct. 25, VMware first disclosed an out-of-bounds write vulnerability ...
9 months ago Techtarget.com

VMware urges admins to remove deprecated, vulnerable auth plug-in - VMware urged admins today to remove a discontinued authentication plugin exposed to authentication relay and session hijack attacks in Windows domain environments via two security vulnerabilities left unpatched. The vulnerable VMware Enhanced ...
8 months ago Bleepingcomputer.com

Russians break into Microsoft as Chinese hit VMware users The Register - A VMware security vulnerability has been exploited by Chinese cyberspies since late 2021, according to Mandiant, in what has been a busy week for nation-state espionage news. On Friday VMware confirmed CVE-2023-34048, a critical out-of-bounds write ...
9 months ago Go.theregister.com

VMware Patches Vulnerabilities Exploited at Pwn2Own 2024 - Broadcom-owned VMware on Tuesday published a security advisory to inform Workstation and Fusion customers that patches are available for vulnerabilities exploited earlier this year at the Pwn2Own hacking competition. It's worth noting that VMware ...
5 months ago Securityweek.com

Linux version of Qilin ransomware focuses on VMware ESXi - A sample of the Qilin ransomware gang's VMware ESXi encryptor has been found and it could be one of the most advanced and customizable Linux encryptors seen to date. Due to this adoption, almost all ransomware gangs have created dedicated VMware ESXi ...
11 months ago Bleepingcomputer.com

Releasing Exploit for VMware vRealize Log: Patch Now to Stay Secure - Security researchers have recently announced that they will be releasing an exploit for the VMware vRealize Logging (VRO). VRO is a security log management tool that helps administrators to identify any malicious activity or abnormal system behavior. ...
1 year ago Bleepingcomputer.com

CISA Announces Renewal of the Information and Communications Technology Supply Chain Risk Management Task Force - The Task Force, chaired by CISA's National Risk Management Center and the Information Technology and Communications Sector Coordinating Councils, is a public-private partnership composed of a diverse range of representatives from public and private ...
9 months ago Cisa.gov

Chinese Espionage Group Has Exploited VMware Flaw Since 2021 - A Chinese espionage group spotted last year by Mandiant researchers abusing a flaw that affected VMware virtualization tools has been exploiting another zero-day vulnerability in VMware's vCenter Server since at least late 2021, according to the ...
9 months ago Securityboulevard.com

VMware Releases Security Update for VMware vRealize Operations - VMware released a security update that addresses a cross-site request forgery bypass vulnerability affecting VMware vRealize Operations. A malicious user could exploit this vulnerability to take control of an affected system. CISA encourages users ...
1 year ago Us-cert.cisa.gov

CVE-2010-1142 - VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; ...
11 years ago

VMware makes Workstation Pro and Fusion Pro free for personal use - VMWare has made Workstation Pro and Fusion Pro free for personal use, allowing home users and students to set up their own virtualized test labs and play with another operating system at little to no cost. Things have been a little shaky since ...
5 months ago Bleepingcomputer.com

Latest Cyber News

CVE-2024-43434 - 16 hours ago
CVE-2024-43436 - 16 hours ago
CVE-2024-43438 - 16 hours ago
CVE-2024-43440 - 16 hours ago
CVE-2024-43425 - 16 hours ago
CVE-2024-43426 - 16 hours ago
CVE-2024-43428 - 16 hours ago
CVE-2024-43431 - 16 hours ago
CVE-2024-8442 - 17 hours ago
CVE-2024-24914 - 18 hours ago
CVE-2024-10526 - 19 hours ago
CVE-2024-50169 - 20 hours ago
CVE-2024-50170 - 20 hours ago
CVE-2024-50171 - 20 hours ago
CVE-2024-50172 - 20 hours ago
CVE-2024-51504 - 20 hours ago
CVE-2024-50155 - 20 hours ago
CVE-2024-50156 - 20 hours ago
CVE-2024-50157 - 20 hours ago
CVE-2024-50158 - 20 hours ago

Cyber Trends (last 7 days)

Okta - 11 months ago
23andMe - 11 months ago
Kimsuky - 11 months ago
LogoFAIL - 11 months ago
Gh0st rat - 11 months ago

Trending Cyber News (last 7 days)

CVE-2024-10081 - 1 day ago
CVE-2024-10082 - 1 day ago
CVE-2024-10916 - 1 day ago
CVE-2024-35146 - 1 day ago
CVE-2024-6861 - 1 day ago
CVE-2024-10919 - 1 day ago
CVE-2024-10920 - 1 day ago
CVE-2024-10318 - 1 day ago
CVE-2024-20371 - 1 day ago
CVE-2024-20418 - 1 day ago
CVE-2024-20445 - 1 day ago
CVE-2024-20457 - 1 day ago
CVE-2024-20476 - 1 day ago
CVE-2024-20484 - 1 day ago
CVE-2024-20487 - 1 day ago
CVE-2024-20504 - 1 day ago
CVE-2024-20507 - 1 day ago
CVE-2024-20511 - 1 day ago
CVE-2024-20514 - 1 day ago
CVE-2024-20525 - 1 day ago