Monday, October 7, 2024
HomeCloudCritical VMware Cloud Director Bug Let Hackers Complete Take Over the Corporate...

Critical VMware Cloud Director Bug Let Hackers Complete Take Over the Corporate Server Infrastructure

Published on

Recently, a group of security researchers at Citadelo has revealed a new vulnerability in VMware Cloud Director, a leading cloud service-delivery platform that could potentially allow an attacker to access sensitive data and control private clouds within the infrastructure.

The security researchers have marked the flaw as ‘CVE-2020-3956‘, even they have also claimed that the flaw is a classic code injection that results in malicious injection or introduction of code.

This security flaw could be abused by the attackers to send malicious traffic to the Cloud Director, ultimately leading to the execution of arbitrary code, as we hinted earlier. 

- Advertisement - EHA

Moreover, this security flaw was rated 8.8 out of 10 on the CVSSV3 vulnerability severity scale, making it a dangerous flaw unveiled by the security researchers.

VMware Cloud Director is a popular distribution platform that is used to manage and organize resources in the cloud, allowing firms to access data centers distributed in different geo-locations.

In short, the hackers can use this vulnerability to execute code execution attacks and technically take over all private clouds linked to the provided infrastructure.

The security company, Citadelo discovered this vulnerability on April 1, after conducting a security audit for a customer.

But, this tool is used by several companies around the world, and the urgency to solve the problem was introduced. 

This security flaw affects the VMware Cloud Director in versions 10.1.0 and earlier, as well as vCloud Director 8x – 10x in Linux configurations and PhotonOS devices. Apart from this, this flaw could be exploited through HTML5, Flex-based UIs, the API Explorer interface, and API access.

Who is affected?

  • Public cloud providers using VMware vCloud Director.
  • Private cloud providers using VMware vCloud Director
  • Enterprises using VMware vCloud Director technology
  • Any government identity using VMware Cloud Director.

Exploitation

This security flaw allows the attackers to do the following things that we have mentioned below:-

  • Allow viewing all the crucial contents of the system’s internal database.
  • Allow modifying the system database to access the virtual machines (VMs) assigned to different organizations.
  • Allow escalating the privileges from Organization Administrator to System Administrator with access to all cloud accounts.
  • Allow changing the Cloud Director login page.
  • Allow accessing other sensitive data like the customers’ full names, email addresses, and IP addresses.

By using the code injection vulnerabilities, attackers can view the confidential data of internal databases, like the password hashes that are given to the customers of the information system.

However, after these discoveries, the security researchers have directly communicated their results to VMware, and the company quickly responded to fix the security holes in a series of updates in versions ‘9.1.0.4,’ ‘9.5.0.6,’ ‘9.7.0.5,’ and ‘10.0. 0.2.’

So, the organizations that have not yet applied this fix are still vulnerable to this flaw.

So, what do you think about this? Share all your views and thoughts in the comment section below.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Also Read:

SaltStack Salt Critical Bug Affects Thousands of Datacenters and Cloud Environments

Cloud Computing Penetration Testing Checklist & Important Considerations

How to Choose a Cloud Services Provider With Best Security considerations

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Hybrid Analysis Utilizes Criminal IP’s Robust Domain Data for Better Malware Detection

Criminal IP, a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA,...

RCE Vulnerability (CVE-2024-30052) Allow Attackers To Exploit Visual Studio via Dump Files

The researcher investigated the potential security risks associated with debugging dump files in Visual...

Cacti Network Monitoring Tool Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been identified in the Cacti network monitoring tool that...

Microsoft & DOJ Dismantles Hundreds of Websites Used by Russian Hackers

Microsoft and the U.S. Department of Justice (DOJ) have disrupted the operations of Star...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Cloud Penetration Testing Checklist – 2024

Cloud Penetration Testing is a method of actively checking and examining the Cloud system...

TeamTNT Hackers Attacking VPS Servers Running CentOS

TeamTNT is targeting CentOS VPS clouds with SSH brute force attacks. It has uploaded...

CloudSOC – An OpenSource Project for SOC & Security Analysts

Security Operations Centers (SOCs) and security analysts are under immense pressure to stay ahead...