VMware warns admins of public exploit for vRealize RCE flaw

VMware warned customers on Monday that proof-of-concept exploit code is now available for an authentication bypass flaw in vRealize Log Insight. "Updated VMSA to note that VMware has confirmed that exploit code for CVE-2023-34051 has been published," the company said in an update to the original advisory. Tracked as CVE-2023-34051, it allows unauthenticated attackers to execute code remotely with root permissions if certain conditions are met. Successful exploitation hinges on the attacker compromising a host within the targeted environment and possessing permissions to add an extra interface or static IP address, according to Horizon3 security researchers who discovered the bug. Horizon3 published a technical root cause analysis for this security flaw on Friday with additional information on how CVE-2023-34051 can be used to gain remote code execution as root on unpatched VMware appliances. The security researchers also released a PoC exploit and a list of indicators of compromise that network defenders could use to detect exploitation attempts within their environments. "This POC abuses IP address spoofing and various Thrift RPC endpoints to achieve an arbitrary file write," the Horizon3 Attack Team said. "For this attack to work, an attacker must have the same IP address as a master /worker node." This vulnerability is also a bypass for an exploit chain of critical flaws patched by VMware in January, enabling attackers to gain remote code execution. The first is a directory traversal bug, the second is a broken access control flaw, while the third, an information disclosure bug, allows attackers to gain access to sensitive session and application info,. Attackers can chain these vulnerabilities to inject maliciously crafted files into the operating system of VMware appliances running unpatched Aria Operations for Logs software. When Horizon3 security researchers released a VMSA-2023-0001 PoC exploit one week after the company pushed security updates, they explained that their RCE exploit "Abuses the various Thrift RPC endpoints to achieve an arbitrary file write." "This vulnerability is easy to exploit however, it requires the attacker to have some infrastructure setup to serve malicious payloads," they said. Threat actors frequently exploit vulnerabilities within previously compromised networks for lateral movement, making vulnerable VMware appliances valuable internal targets. In June, VMware warned customers about another critical remote code execution vulnerability in VMware Aria Operations for Networks being exploited in attacks. Exploit available for critical WS FTP bug exploited in attacks. Exploit released for critical VMware SSH auth bypass vulnerability. VMware Aria vulnerable to critical SSH authentication bypass flaw. Exploit released for Ivanti Sentry bug abused as zero-day in attacks. Cisco warns of new IOS XE zero-day actively exploited in attacks.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to VMware warns admins of public exploit for vRealize RCE flaw

VMWare discloses critical VCD Appliance auth bypass with no patch - VMware disclosed a critical and unpatched authentication bypass vulnerability affecting Cloud Director appliance deployments. Cloud Director enables VMware admins to manage their organizations' cloud services as part of Virtual Data Centers. The auth ...
11 months ago Bleepingcomputer.com
VMware fixes critical Cloud Director auth bypass unpatched for 2 weeks - VMware has fixed a critical authentication bypass vulnerability in Cloud Director appliance deployments, a bug that was left unpatched for over two weeks since it was disclosed on November 14th. Cloud Director is a VMware platform that enables admins ...
11 months ago Bleepingcomputer.com
VMware warns admins of public exploit for vRealize RCE flaw - VMware warned customers on Monday that proof-of-concept exploit code is now available for an authentication bypass flaw in vRealize Log Insight. "Updated VMSA to note that VMware has confirmed that exploit code for CVE-2023-34051 has been published," ...
11 months ago Bleepingcomputer.com
VMware Fixes Critical Security Bugs in vRealize Log Analysis Tool - Organizations using the VMware vRealize Log Analysis tool are being urged to update it in order to patch several recently discovered security bugs. According to a security advisory issued by VMware yesterday, the company has identified a critical ...
1 year ago Bleepingcomputer.com
Exploit Released for Critical VMware vRealize Log Insight RCE Vulnerability - Horizon3 security researchers have released proof-of-concept code for a VMware vRealize Log Insight vulnerability chain that allows attackers to gain remote code execution on unpatched appliances. VMware patched four security vulnerabilities in its ...
1 year ago Bleepingcomputer.com
VMware urges admins to remove deprecated, vulnerable auth plug-in - VMware urged admins today to remove a discontinued authentication plugin exposed to authentication relay and session hijack attacks in Windows domain environments via two security vulnerabilities left unpatched. The vulnerable VMware Enhanced ...
9 months ago Bleepingcomputer.com
VMware fixes critical code execution flaw in vCenter Server - VMware issued security updates to fix a critical vCenter Server vulnerability that can be exploited to gain remote code execution attacks on vulnerable servers. vCenter Server is the central management hub for VMware's vSphere suite, and it helps ...
11 months ago Bleepingcomputer.com
Investigation of Possible Causes of ESXiArgs Ransomware Attacks Suggests VMware is Not at Fault - Edward Hawkins, the High-Profile Product Incident Response Manager at VMware, has denied allegations that two-year-old security flaws have been used in the current ESXiArgs ransomware attacks. Over the weekend, reports surfaced about cybercriminals ...
1 year ago Hackread.com
Atlassian warns of exploit for Confluence data wiping bug, get patching - Atlassian warned admins that a public exploit is now available for a critical Confluence security flaw that can be used in data destruction attacks targeting Internet-exposed and unpatched instances. Tracked as CVE-2023-22518, this is an improper ...
11 months ago Bleepingcomputer.com
VMware vRealize Log RCE Exploit Release: Horizon3s Attack Team PoC Exploit Code - Researchers from the Horizon3s Attack Team have released PoC exploit code for remote code execution in VMware vRealize Log. This code triggers a series of flaws in the product to achieve remote code execution on vulnerable installs. VMware Aria ...
1 year ago Securityaffairs.com
JumpCloud's Q1 2024 SME IT Trends Report Reveals AI Optimism Tempered by Security Concerns - The report provides updated survey results and new findings to the company's biannual SME IT Trends Report, which was first released in June 2021. The latest edition of the report delves into the impact of artificial intelligence on identity ...
9 months ago Darkreading.com
How to Protect Yourself Against an Incoming VRealize Log Insight RCE Exploit - Due to a recent security risk with VRealize Log Insight, users must take steps to protect themselves. A remote code execution (RCE) exploit for this software is set to launch within a week, leaving system administrators with minimal time to patch ...
1 year ago Bleepingcomputer.com
Critical unauthenticated RCE flaw in OpenSSH server - MUST READ. Critical unauthenticated remote code execution flaw in OpenSSH server. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities ...
4 months ago Securityaffairs.com
Critical Security Vulnerability Discovered in VMware vRealize Log Insight - A critical security vulnerability has been discovered in the VMware vRealize Log Insight product that could allow a remote, unauthenticated user to gain access to the system. VMware recently released a patch for this vulnerability, CVE-2020-3957, ...
1 year ago Securityaffairs.com
Chinese threat group exploited VMware vulnerability in 2021 - A critical VMware vulnerability that was patched in October was exploited in the wild two years ago by a China-nexus threat actor, according to new research from Mandiant. On Oct. 25, VMware first disclosed an out-of-bounds write vulnerability ...
10 months ago Techtarget.com
Experts released PoC exploit code for RCE in Fortinet SIEM - Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Crowdfense is offering a larger 30M USD exploit acquisition program. Threat actors actively exploit JetBrains TeamCity flaws to deliver malware. PoC ...
5 months ago Securityaffairs.com
Juniper Networks fixed a critical authentication bypass flaw in some of its routers - MUST READ. Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 ...
4 months ago Securityaffairs.com
Critical Apache Log4j2 flaw still threatens global finance - Critical Apache Log4j2 flaw still threatens global finance. CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise ...
5 months ago Securityaffairs.com
Juniper warns of critical RCE bug in its firewalls and switches - Juniper Networks has released security updates to fix a critical pre-auth remote code execution vulnerability in its SRX Series firewalls and EX Series switches. Found in the devices' J-Web configuration interfaces and tracked as CVE-2024-21591, this ...
10 months ago Bleepingcomputer.com
Threat actors actively exploit D-Link DIR-859 router flaw - MUST READ. Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities ...
4 months ago Securityaffairs.com
Threat actors actively exploit D-Link DIR-859 router flaw - MUST READ. Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities ...
4 months ago Securityaffairs.com
Russians break into Microsoft as Chinese hit VMware users The Register - A VMware security vulnerability has been exploited by Chinese cyberspies since late 2021, according to Mandiant, in what has been a busy week for nation-state espionage news. On Friday VMware confirmed CVE-2023-34048, a critical out-of-bounds write ...
10 months ago Go.theregister.com
Chinese Espionage Group Has Exploited VMware Flaw Since 2021 - A Chinese espionage group spotted last year by Mandiant researchers abusing a flaw that affected VMware virtualization tools has been exploiting another zero-day vulnerability in VMware's vCenter Server since at least late 2021, according to the ...
9 months ago Securityboulevard.com
Chinese Spies Exploited Critical VMware Bug for Nearly 2 Years - One of the most serious VMware vulnerabilities in recent memory was secretly being exploited by a Chinese advanced persistent threat for years before a patch became available. In a sign of just how severe this particular issue was, VMware went so far ...
9 months ago Darkreading.com
CERT-UA warns of malware campaign conducted by threat actor UAC-0006 - Threat actors may have exploited a zero-day in older iPhones, Apple warns. Microsoft fixed two zero-day bugs exploited in malware attacks. Threat actors actively exploit JetBrains TeamCity flaws to deliver malware. Recent DarkGate campaign exploited ...
5 months ago Securityaffairs.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)