Sunday, July 12, 23:20
Home security VMware Cloud Director: Error allowing infrastructure to access!

VMware Cloud Director: Error allowing infrastructure to access!

Recently, its security researchers Citadelo revealed a new bug in VMware Cloud Director, a top one platform cloud services, which could allow an intruder to gain access to sensitive data and control privately in cloud within an infrastructure. Security researchers have identified the error as CVE-2020-3956, claiming it is a typical infusion. code leading to malicious infusion or code entry.

This security error could be exploited by intruders to send malicious traffic to the Cloud Director, leading to arbitrary code execution. In addition, this security error, which was discovered by researchers and has a severity rating of 8,8 out of 10, is quite dangerous. VMware Cloud Director is a popular distribution platform used to manage and organize cloud resources, allowing companies to access data centers distributed in different geographical areas.

In other words, the invaders can take advantage of this error to carry out code execution attacks and technically take over all the private cloud connected to the provided infrastructure. Security firm Citadelo discovered the error on April 1, after conducting a security check for a customer. However, since this tool is used by many companies worldwide, it has made the problem quite critical and urgent. This security error affects VMware Cloud Director on publications 10.1.0 and in older ones, as well as the vCloud Director 8x - 10x in configurations Linux and PhotonOS devices. Also, this error could be used via HTML5, Flex-based UI, API Explorer interface and API access. The following are affected by this security error:

  • Public cloud providers using VMware vCloud Director.
  • Private cloud providers using VMware vCloud Director.
  • Businesses that use VMware vCloud Director technology.
  • Any government service that uses VMware Cloud Director.

This security error allows attackers to do the following:

  • To see all the critical content of a system's internal database.
  • To modify it database of the system for access to virtual machines (VMs) assigned to different organizations.
  • The escalation of privileges from “Organizational Administrator” to “System Administrator”, with access to all cloud accounts.
  • Change the Cloud Director login page.
  • Gain access to other sensitive data, such as full names, addresses e-mail and IP customer addresses.
  • Using encryption vulnerabilities, intruders can view the confidential data of internal databases, such as passwords given to customers of the information system.

However, after these discoveries, security researchers announced their results directly on the official VMware site, while the company responded quickly to correct the security gaps with a series of updates to 9.1.0.4, 9.5.0.6, 9.7.0.5. , and 10.0.0.2. Therefore, organizations that have not yet implemented this information code are still vulnerable to this error.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Pohackontas
Pohackontashttps://www.secnews.gr
Every accomplishment starts with the decision to try.

LIVE NEWS

TrickBot malware accidentally warns victims that they have been infected

The famous TrickBot malware accidentally left a test module that warns the victims that they are infected and should contact ...

Financial institutions: The risk of data breach is higher!

According to a report, financial institutions tend to be at greater risk of data breach due to a lack of proper security controls ....

Google Chrome: Import, export and backup stored passwords

Google Chrome Password Manager lets you save usernames and passwords and ...

Apple: do not cover the camera on MacBook devices

Many users today have a habit of covering their laptop camera in order to protect themselves from any surveillance through it. However...

COVID-19-workplace: What can you do to avoid becoming a source of infection?

The number of COVID-19 cases worldwide seems to be increasing. However, most countries have ...

The best books of 2020, according to Amazon

If you like good books and are looking for new additions to your collection, choose from the 5 best books, according to ...

US Secret Service: Warns of increased attacks on MSPs

In June, the US Secret Service warned the private sector as well as government agencies that there has been a worrying increase ...

Create an imaginative meme and win a OnePlus Nord

One of the most anticipated financial smartphones of OnePlus, the OnePlus Nord, is going to be presented soon at an event that will take place ...

Sony: Invest $ 250 Million in Fortnite Epic Games!

Sony has made an investment of $ 250 million to acquire a 1,4% stake in Epic Games, ...

C-Data FTTH OLT devices contain backdoors

Serious vulnerabilities and backdoors were discovered by two security researchers in the firmware of 29 FTTH OLT devices, the popular equipment provider C-Data.