LetsAskBinu.com

VMware Fixes vRealize Log Insight RCE Bugs

Researcher by Researcher
January 31, 2023
in Cybersecurity


VMware has released updates for a group of four vulnerabilities in its vRealize Log Insight logging platform, three of which can be combined to achieve remote code execution with root privileges. Researchers have developed a working exploit for the bug chain and are urging enterprises to install the patches as soon as possible.

The four vulnerabilities in vRealize Log Insight include a directory traversal flaw, an information disclosure bug, a broken access control bug, and a denial-of-service flaw. The first three of those bugs can be chained together to give an attacker the ability to run code as root. VMware released updates to address the bugs on Jan. 24, but now researchers at Horizon3 have developed a working exploit for the bugs and are planning to release a detailed technical analysis of the weaknesses and exploit soon.

The attack that the Horizon3 team developed exploits the Thrift services in vRealize Log Insight, and it requires that the target server establish an outbound connection to a remote server to download the payload. The researchers said the bugs are not difficult to exploit, but a successful attack would likely require an adversary to have some access to the target network in advance.

“This vulnerability is easy to exploit however, it requires the attacker to have some infrastructure setup to serve malicious payloads. Additionally, since this product is unlikely to be exposed to the internet, the attacker likely has already established a foothold somewhere else on the network. This vulnerability allows for remote code execution as root, essentially giving an attacker complete control over the system. If a user determines they have been compromised, additional investigation is required to determine any damage an attacker has done,” James Horseman of Horizon3 said in a post analyzing the flaws.

“Gaining access to the Log Insight host provides some interesting possibilities to an attacker depending on the type of applications that are integrated with it. Often logs ingested may contain sensitive data from other services and may allow an attack to gather session tokens, API keys, and PII. Those keys and sessions may allow the attacker to pivot to other systems and further compromise the environment.”

The vulnerabilities affect version 8.x of vRealize Log Insight, and the fixed version is 8.10.2.

VMware also has released workarounds for the bugs for organizations that aren’t able to update right away.
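A defender's triage for the two facts above, that the exploit needs the appliance to open an outbound connection to fetch a payload and that 8.x releases before 8.10.2 are affected. This is an added example, not code from VMware or Horizon3; the inventory, the flow-record format, the allowlist and all addresses are constructed assumptions.

```python
import csv
import io
import ipaddress

FIXED = (8, 10, 2)  # fixed version stated in the article

# Constructed inventory: Log Insight appliance IP -> reported version (assumed).
INVENTORY = {"10.20.0.15": "8.8.0", "10.20.0.16": "8.10.2"}

# Assumption: networks the appliances may legitimately connect out to.
ALLOWED_DESTS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Constructed flow records: time, source, destination, destination port.
FLOWS = """\
2023-01-30T02:11:07Z,10.20.0.15,10.20.0.2,53
2023-01-30T02:11:09Z,10.20.0.15,203.0.113.40,8080
2023-01-30T02:15:41Z,10.20.0.16,192.168.4.9,514
2023-01-30T03:02:10Z,10.30.1.7,198.51.100.9,443
"""

def is_unpatched(version):
    """True for an 8.x release older than the fixed 8.10.2."""
    parts = tuple(int(p) for p in version.split("."))
    parts += (0,) * (3 - len(parts))  # pad short versions such as "8.6"
    return parts[0] == 8 and parts < FIXED

def unexpected_egress(flow_text, inventory, allowed):
    """Return flows started by a Log Insight host to a non-allowlisted address."""
    hits = []
    for ts, src, dst, dport in csv.reader(io.StringIO(flow_text)):
        if src not in inventory:
            continue  # flow was not initiated by a Log Insight appliance
        dst_ip = ipaddress.ip_address(dst)
        if any(dst_ip in net for net in allowed):
            continue  # expected internal destination
        hits.append({"time": ts, "host": src, "dest": dst, "port": int(dport),
                     "unpatched": is_unpatched(inventory[src])})
    return hits

if __name__ == "__main__":
    for hit in unexpected_egress(FLOWS, INVENTORY, ALLOWED_DESTS):
        print(hit)
```

A hit on a host still marked unpatched is the case to investigate first; blocking outbound connections from the appliance at the firewall removes the payload-download step the article describes.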



© 2022 Lets Ask Binu All Rights Reserved
