Cloud infrastructure operators should quickly patch VMware Cloud Director flaw

by ethhack

Public and private cloud administrators who are using VMware Cloud Director should immediately apply the patch for a high-risk vulnerability that can be used by hackers to take full control of virtualized cloud infrastructure, security experts warn. VMware released fixes for the command injection flaw last month, but if left unpatched, it can be easily exploited through customer trial accounts.

VMware Cloud Director (previously vCloud Director) is a cloud service delivery platform that allows cloud providers, governments or large enterprises to create, deploy and manage virtual datacenters. It provides a web-based management interface as well as an API through which customers can manage their virtual cloud resources.

Penetration testers from security consulting firm Citadelo found the VMware Cloud Director vulnerability during a security audit of the VMware-based cloud infrastructure of a Fortune 500 organization earlier this year. They reported the flaw — which is tracked as CVE-2020-3956 — to VMware in early April and the software vendor released patches and a security advisory in May.

VMware rated the issue 8.8 (high) in the Common Vulnerability Scoring System (CVSS) and said that it can lead to arbitrary remote code execution. The flaw can be exploited through the HTML5 and Flex-based user interfaces of Cloud Director, as well as its API Explorer interface and API access.

Full access without exploiting the hypervisor

When it comes to hypervisors, the vulnerabilities most sought after by attackers are those that allow them to escape from virtual machines into the host systems. Such flaws violate the fundamental segmentation layer between guest operating systems and the host that is supposed to provide security assurances in a virtualized environment.

The annual Pwn2Own hacking contest lists VMware ESXi alongside VMware Workstation among its targets and pays up to $150,000 for a successful virtual machine escape. Exploit acquisition firm Zerodium pays up to $200,000 for such an exploit.

Copyright © 2020 IDG Communications, Inc.