Pierluigi Paganini
April 01, 2021
The vROps delivers self-driving IT operations management for private, hybrid, and multi-cloud environments in a unified, AI-powered platform.
Security researcher Egor Dimitrenko from Positive Technologies discovered a server-side request forgery (SSRF) vulnerability tracked as CVE-2021-21975 and an arbitrary file write issue tracked as CVE-2021-21983.
The CVE-2021-21975 is a Server Side Request Forgery in vRealize Operations Manager API rated as “Important’ severity which received a CVSSv3 base score of 8.6.
The flaw can be exploited by an attacker with network access to the vRealize Operations Manager API to perform to steal administrative credentials.
The CVE-2021-21983 vulnerability is an arbitrary file write vulnerability that affects in vRealize Operations Manager API that was evaluated as ‘Important’ severity with a CVSSv3 base score of 7.2.
The flaw can be exploited by an authenticated attacker with network access to the vRealize Operations Manager API to write files to arbitrary locations on the underlying photon operating system.
The two vulnerabilities could be chained by a remote attacker to execute arbitrary code on a server giving and carry out multiple attacks on a company’s infrastructure.
VMware fixed CVE-2021-21975 and CVE-2021-21983, which when chained together lead to an unauth RCE in vRealize Operations.
— PT SWARM (@ptswarm) March 30, 2021
The vulnerabilities were found by our researcher Egor Dimitrenko.
Advisory: https://t.co/WbQwWyCuhS pic.twitter.com/qzEcBqJAg3
“On March 30, Positive Technologies published a tweet highlighting the vulnerabilities discovered by Dimitrenko. The tweet disclosed a further risk to unpatched systems in which attackers could achieve unauthenticated RCE on vulnerable systems by chaining both CVE-2021-21975 and CVE-2021-21983 together.” reported Tenable. “No details have been shared publicly as to how this can be achieved, but we anticipate researchers or threat actors to develop a proof-of-concept (PoC) exploit in the near future.”
VMware released the following updates for vRealize Operations to fix the above flaws:
| Affected Product | Vulnerable Version | Fixed Version | KB Article |
|---|---|---|---|
| vRealize Operations Manager | 8.3.0 | vROps-8.3.0-HF3 | KB83210 |
| vRealize Operations Manager | 8.2.0 | vROps-8.2.0-HF4 | KB83095 |
| vRealize Operations Manager | 8.1.1, 8.1.0 | vROps-8.1.1-HF6 | KB83094 |
| vRealize Operations Manager | 8.0.1, 8.0.0 | vROps-8.0.1-HF7 | KB83093 |
| vRealize Operations Manager | 7.5.0 | vROps-7.5.0-HF14 | KB82367 |
The virtualization giant has also provided workaround instructions for CVE-2021-21975 and CVE-2021-21983 that involve modifying the casa-security-context.xml file and restarting the Cluster Analytic (CaSA) service.
Experts urge organizations using vROps to install security patches to address the above vulnerabilities as soon as possible to mitigate the risk of cyber attacks exploiting them.
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
Follow me on Twitter: @securityaffairs and Facebook
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, RCE)
[adrotate banner=”5″]
[adrotate banner=”13″]
