Our hearts go out to everyone affected by Hurricane Helene. Our team has been working endlessly to make sure these communities in Western North Carolina have the resources they need during this challenging time. If you're looking to help out those in need, there are many ways to do so. We have included those options here: Hurricane Helene
10.25.2023

VMWare vCenter Server and Aria Operations Critical Vulnerabilities

Alert
  • facebook share link
  • twitter share link
  • linkedin share link
  • mail share link

Date of Notice: 10/25/2023

Action Level - Critical

Description

VMWare has released security updates for multiple versions of vCenter Server to fix a critical vulnerability. If impacted, this vulnerability could allow an attacker to execute arbitrary code on vulnerable systems. Due to the critical nature of this vulnerability, VMWare recommends immediate investigation of servers running vCenter and Aria Operations and patching of impacted systems.

In addition, Important updates have been released addressing vulnerabilities in Aria Operations for Logs that could allow authentication bypass. If chained, this could ultimately allow an unauthenticated attacker to obtain control of a vulnerable system with local or network access, making this a high priority to patch as well. 

Affected Versions

  • vCenter Server 8.0 - Versions before 8.0U2
  • vCenter Server 7.0 - Versions before 7.0U3o
  • vCenter Server 6.7 - Versions before 6.7U3
  • vCenter Server 6.5 - Versions before 6.5U3
  • VMWare Cloud Foundation 5.x and 4.x (vCenter) - See link to VMWare KB
  • Aria Operations for Logs 8.x - Versions prior to 8.14
  • VMWare Cloud Foundation 5.x and 4.x (Aria Operations) - See link to VMWare KB

Attack Vector

An unauthenticated attacker with network or local access to the device running an affected version listed above.

Attack Feasibility 

As of this writing, there are no confirmed attack reports using these vulnerabilities, though they may be more likely as a result of the vulnerability disclosures.

Mitigation

Removing VMWare servers’ exposure to the Internet is highly recommended if not completely necessary, though this does not remove the possibility of exploit as an attacker may be able to exploit via access to the local network, whether legitimate or through another exploit.

Remediation

Update vCenter and Aria Operations to a current supported version listed in the vendor documentation.

Vendor Resources

MCNC
PO Box 12889
3021 East Cornwallis Road
RTP, NC 27709-2889
919-248-1900 Phone | 919-248-1101 Fax
Connect With Us
  • linkedin
  • instagram
  • x
  • facebook
  • youtube
© 2024 MCNC