VMware by Broadcom has fixed two critical vulnerabilities affecting VMware vCenter Server and products that contain it: vSphere and Cloud Foundation.
“A malicious actor with network access to vCenter Server may trigger these vulnerabilities by sending a specially crafted network packet potentially leading to remote code execution,” the company said, but noted that it is currently not aware of them being exploited “in the wild”.
VMware vCenter Server is a popular server management solution for controlling vSphere environments.
At the same time, VMware has fixed several local privilege escalation vulnerabilities that may arise due to misconfiguration of sudo and may allow an authenticated local user with non-administrative privileges to elevate privileges to root on vCenter Server Appliance.
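The privilege escalation class named above comes from sudo policy, not from a code bug, so the useful check on any appliance is to read its sudoers policy for the rule shapes that let a non-administrative account reach root. The script below is an added example written for this article; it is not VMware's code and the sample policy it writes is constructed for illustration, not the real vCenter Server Appliance configuration. It flags four common patterns: passwordless rules, wildcards in command arguments, blanket `ALL` command grants to non-root principals, and commands that can spawn a shell or write arbitrary files.

```shell
#!/bin/sh
# Added example (not VMware's code): audit a sudoers file for rule shapes
# that commonly allow a non-administrative local user to become root.
# Limitations: #includedir files are not followed and the "shell-capable"
# command list is illustrative, not exhaustive.

# audit_sudoers FILE -> prints "<finding>: <rule>" for each risky line.
audit_sudoers() {
    f="$1"
    grep -Ev '^[[:space:]]*(#|$)' "$f" | while IFS= read -r line; do
        case "$line" in
            # Preserving loader/interpreter variables across sudo lets the caller
            # inject code into whatever root command the rule allows.
            Defaults*env_keep*LD_PRELOAD*|Defaults*env_keep*LD_LIBRARY_PATH*|\
            Defaults*env_keep*PYTHONPATH*|Defaults*env_keep*PERL5LIB*)
                printf 'env_keep-loader-var: %s\n' "$line" ;;
            Defaults*) ;;              # other Defaults lines are not graded here
            root[[:space:]]*) ;;       # root's own rule cannot escalate anything
            *)
                case "$line" in *NOPASSWD*)
                    printf 'nopasswd: %s\n' "$line" ;; esac
                # A literal '*' in a command spec lets the caller add arguments,
                # e.g. a second path or an option the rule author did not intend.
                case "$line" in *'*'*)
                    printf 'wildcard: %s\n' "$line" ;; esac
                if printf '%s\n' "$line" | grep -Eq '(=|\)|[[:space:]]|,)[[:space:]]*ALL[[:space:]]*$'; then
                    printf 'all-commands: %s\n' "$line"
                fi
                # Editors, pagers, interpreters and file copiers all give a root
                # shell or arbitrary root file writes to whoever may run them.
                if printf '%s\n' "$line" | grep -Eq \
                   '(^|[[:space:]/])(sh|bash|dash|zsh|vi|vim|less|more|find|awk|python[0-9.]*|perl|env|tee|cp|mv|chmod|chown)([[:space:]]|$|,)'; then
                    printf 'shell-capable-command: %s\n' "$line"
                fi ;;
        esac
    done
}

# count_findings FILE -> number of findings, as a bare integer.
count_findings() {
    audit_sudoers "$1" | wc -l | tr -d ' '
}

# write_sample_sudoers FILE -> constructed sample policy used for the demo.
# This is invented test data, not a real appliance's /etc/sudoers.
write_sample_sudoers() {
    cat > "$1" <<'EOF'
# constructed sample policy for the audit demo
Defaults env_reset
Defaults env_keep += "LD_PRELOAD"
root ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
svc ALL=(root) NOPASSWD: /usr/bin/systemctl restart appliance-svc
ops ALL=(root) NOPASSWD: /usr/bin/vi /etc/*.conf
backup ALL=(root) /usr/bin/rsync -a /storage/ /backup/
EOF
}

# Usage: ./sudoers_audit.sh /etc/sudoers   (or with no argument, run the demo)
if [ $# -gt 0 ]; then
    audit_sudoers "$1"
else
    tmp=$(mktemp); write_sample_sudoers "$tmp"; audit_sudoers "$tmp"; rm -f "$tmp"
fi
```

Against the constructed sample the `ops` rule is reported three times (passwordless, wildcard, and an editor that can open a shell), `%wheel` once for the blanket grant, `svc` once for NOPASSWD, and the `LD_PRELOAD` default once; the `backup` rule passes only because `rsync` is not in the illustrative command list, which is the kind of gap a real review should close by checking each allowed binary rather than trusting a fixed list.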
The three vulnerabilities were privately reported by security researchers and affect vCenter Server versions 7.0 and 8.0, as well as Cloud Foundation versions 4.x and 5.x. Products that are past their End of General Support dates (e.g., vSphere 6.5 and 6.7) “are not evaluated as part of security advisories. If your organization has extended support please use those processes to request assistance,” the company said in an accompanying FAQ document.
“Many appliances, such as the vCenter Server Appliance, have firewalling capabilities accessible through the Virtual Appliance Management Interface. This firewall can be used to help restrict access and potentially help mitigate vulnerabilities.”