VMware warns to patch now against exploitable bugs

By

Exploit code published on GitHub.

VMware is warning that high-severity bugs first disclosed last week now have proof-of-concept (PoC) exploit code available, and need to be patched.

VMware warns to patch now against exploitable bugs

The company’s October 19 advisory for CVE-2023-34051 (an authentication bypass bug) and CVE-2023-34052 (a deserialisation vulnerability) has been updated to reflect the existence of the exploit code.

The two bugs affect its Aria Operations for Logs (formerly vRealize Logs) software.

According to a technical analysis by Horizon3, the latest bugs arose because of an incomplete fix for the issues disclosed earlier this year, in this advisory.

VMware closed a bug in its Thrift services, which Horizon3 explained was meant to make the other vulnerabilities unreachable.

“Since the patch only blocks access to Thrift services by IP and did not fix the other CVEs in VMSA-2023-0001, all an attacker needs to do is spoof their IP address and use the previous attack,” Horizon3 said.

“For this attack to work we need: At least two instances of VMware vRealize Log Insight in a master / worker configuration; [and] An attacker machine that uses the same source IP address as the worker node (if attacking the master).”

The researchers noted that while the attack was straightforward, "it relies on the attacker having compromised an existing host in the environment and having the sufficient permissions to add an additional static IP to an existing interface or add an additional interface.”

Horizon3’s PoC code is on GitHub.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Eagers Automotive finds unauthorised access to parts of IT systems

Eagers Automotive finds unauthorised access to parts of IT systems

Hackers hit Victoria's court recording database

Hackers hit Victoria's court recording database

St Vincent's Health Australia warns cyber attack forensics could "take some time"

St Vincent's Health Australia warns cyber attack forensics could "take some time"

Yakult Australia confirms cyber incident

Yakult Australia confirms cyber incident

Log In

  |  Forgot your password?