VMware addresses serious flaws in vRealize Operations for Horizon Adapter

VMware has addressed serious vulnerabilities in vRealize Operations for Horizon Adapter, including remote code execution and authentication bypass flaws.

VMware vRealize Operations is a software product that provides operations management across physical, virtual and cloud environments, it supports environments based on vSphere, Hyper-V or Amazon Web Services.

Horizon Adapter instances created on VMware vRealize Operations Manager nodes allow users to receive communications from Horizon agents installed on virtual machines.

The three vulnerabilities in vRealize Operations for Horizon Adapter (CVE-2020-3943, CVE-2020-3944, CVE-2020-3945) were reported by An Trinh, a cyber security expert from Vietnam’s telecommunications service provider Viettel.

Trinh did not share technical details about the vulnerabilities.

The most severe issue, tracked as CVE-2020-3943, is a remote code execution flaw rated as critical that can be exploited by an unauthenticated attacker with network access to vRealize Operations, with the Horizon Adapter running.

“vRealize Operations for Horizon Adapter contains multiple security vulnerabilities.” reads an advisory published by VMware.

“vRealize Operations for Horizon Adapter uses a JMX RMI service which is not securely configured. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.0.

“An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to execute arbitrary code in vRealize Operations”

The second flaw, tracked as CVE-2020-3944 and rated high severity, could allow an unauthenticated attacker with access to the network to bypass Adapter authentication.

“vRealize Operations for Horizon Adapter has an improper trust store configuration leading to authentication bypass. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.6.” continues the advisory.

“An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to bypass Adapter authentication.”

The last flaw, tracked as CVE-2020-3945 and rated as moderate severity, is an information disclosure vulnerability caused by “incorrect pairing implementation between the vRealize Operations for Horizon Adapter and Horizon View.”

The flaws affect vRealize Operations for Horizon Adapter 6.6.x and 6.7.x on Windows. VMware released versions 6.6.1 and 6.7.1 to address the flaws.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, IOTA foundation)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.