VMware delivers emergency patch for disaster recovery tool
The "high severity" bug allows arbitrary code execution.
Cloud computing and software giant VMware has patched a vulnerability in its disaster recovery software that allowed exploiters lateral movement across the target network, as well as arbitrary code execution on the server, with maximum privileges.
The VMware vSphere Replication is a data replication tool used to create backups of virtual machines - typically in an (unlikely) case of the main virtual machine misbehaving or reporting a failure.
The flaw was first discovered by Egor Dimitrenko, a cybersecurity researcher from Positive Technologies, which registered the flaw as CVE-2021-21976 with a CVSS v3 score of 7.2. According to Dimitrenko, the flaw could have been the result of a hastily implemented update, or insufficient verification of user input, despite the fact that mechanisms to prevent these are tacks are generally built into developer tools.
- Here are the best antivirus programs you can get right now
- Check out our list of the best endpoint protection software
- We've listed the best ransomware protection software for you
Flawed vulnerability
It is not as easy to abuse, though, due to the fact that the attackers would still need the credentials to access the tool’s administration web interface. Still, Dimitrenko says credentials could be obtained if the victims used weak passwords, or if they get targeted by a social engineering campaign.
Many of us use the same password across multiple services, and criminals are well aware of the fact. After one service gets breached and the details leak on the dark web, criminals would try it out elsewhere, often successfully logging in.
If their patch management practice doesn't allow them to install the fix immediately, organizations are advised to use a Security Information and Event Management (SIEM) solution to monitor for potential signs of penetration until they implement the patch. SIEM solutions can help spot suspicious behavior on a server, register an incident or prevent lateral movement across the network, among other things.
- Here's our rundown of the best malware removal tools out there
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.