VMware issues an emergency fix for its disaster recovery tool

Cloud computing and software giant VMware has patched a vulnerability in its disaster recovery software that allowed attackers to move laterally on the target network and to execute arbitrary code on the server with full privileges. VMware vSphere Replication is a data replication tool used to create virtual machine backups, typically for the (rare) event that the parent virtual machine malfunctions or reports a failure.

The flaw was first discovered by Egor Dimitrenko, a cybersecurity researcher at Positive Technologies, who logged it as CVE-2021-21976 with a CVSS v3 score of 7.2. According to Dimitrenko, the flaw could have been the result of a hastily deployed update or insufficient verification of user input, despite the fact that mechanisms to prevent these errors are usually built into development tools.

Imperfect vulnerability

However, the flaw is not that easy to abuse, because attackers would still need credentials for the tool's administrative web interface. Still, Dimitrenko says credentials could be obtained if victims used weak passwords or were the target of a social engineering campaign. Many of us use the same password across multiple services, and criminals are well aware of this. Once a service is breached and its details are leaked to the dark web, criminals try them elsewhere, often successfully logging in.

Organizations whose patch management practice does not allow them to install the patch immediately are encouraged to use a security information and event management (SIEM) solution to monitor for signs of penetration until they apply the patch. SIEM solutions can help detect suspicious behavior on a server, record an incident, or prevent lateral movement on the network, among other things.