Multiple Vulnerabilities in VMware vROP Identified

A cybersecurity alert was issued yesterday, May 11, 2020, regarding multiple vulnerabilities in VMware vROP. The vulnerabilities could allow an attacker to execute arbitrary code, which could potentially lead to a breach.

What It Is:
Multiple vulnerabilities have been discovered in VMware’s vRealize Operations Manager (vROP), the most severe of which could allow for arbitrary code execution. The vulnerabilities are present because SaltStack has been a component of vROP since version 7.5. Salt is an open-source remote task and configuration management framework widely used in data centers and cloud servers.

Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

Read the original VMware Security Advisory.

Threat Intelligence:
There are reports of these vulnerabilities being exploited in the wild.

Systems Affected:
• vROP versions 7.5.0 to 8.1.0

Risk:
Government:
• Large and medium government entities: High
• Small government entities: Medium
Businesses:
• Large and medium business entities: High
• Small business entities: Medium
Home users: N/A

What It Means:
If you and/or your business utilize the VMware vROP versions mentioned above, you will need to apply the appropriate measures provided by VMware to affected systems immediately following proper testing.

Technical Summary:
Multiple vulnerabilities have been discovered in VMware’s vRealize Operations Manager, the most severe of which could allow for arbitrary code execution. The vulnerabilities are as follows:

• Improper method call validation that could allow for Arbitrary Code Execution. (CVE-2020-11651)
• Improper method path sanitization that could allow for Arbitrary Directory Access. (CVE-2020-11652)

What To Do:
We recommend the following actions be taken:

• Apply appropriate measures provided by VMware to affected systems immediately after appropriate testing.
• Apply patches provided by VMware as soon as they are released.
• Apply the Principle of Least Privilege to all systems and services.
• Verify no unauthorized system modifications have occurred on the system before applying the patch.
• Monitor intrusion detection systems for any signs of anomalous activity.
• Unless required, limit external network access to affected products.
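
To support the network-access recommendation above, the following added example (not part of the original advisory or VMware's guidance) audits `ss -ltn` output for Salt listeners bound beyond loopback. It assumes the Salt master bundled with vROP uses Salt's default ports 4505 and 4506; the sample socket listing is constructed.

```python
import ipaddress

# Salt master defaults: 4505 = publish port, 4506 = request (ret) port.
# Assumption: the Salt master bundled with vROP listens on these defaults.
SALT_PORTS = {4505, 4506}

# Constructed sample of `ss -ltnH` output (not captured from a real system).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:4505 0.0.0.0:*
LISTEN 0 128 127.0.0.1:4506 0.0.0.0:*
LISTEN 0 128 [::]:4506 [::]:*
LISTEN 0 128 *:443 *:*
"""

def split_local(addr):
    """Split an ss local-address field such as '[::]:4506' into (host, port)."""
    host, _, port = addr.rpartition(":")
    host = host.strip("[]").split("%", 1)[0]  # drop brackets and any %iface scope
    return host, int(port)

def is_loopback(host):
    """True only for addresses that are reachable from the local host alone."""
    if host == "*":
        return False  # wildcard bind covers every interface
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unparseable address: report it so it gets reviewed

def exposed_salt_listeners(ss_output):
    """Return (host, port) for each Salt port listening on a non-loopback address."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skips the header row and non-listening sockets
        try:
            host, port = split_local(fields[3])
        except ValueError:
            continue  # local address without a numeric port
        if port in SALT_PORTS and not is_loopback(host):
            findings.append((host, port))
    return findings

if __name__ == "__main__":
    for host, port in exposed_salt_listeners(SAMPLE_SS):
        print(f"Salt port {port} is listening on {host}: restrict it at the firewall")
```

A finding means the socket is bound beyond loopback, not that it is reachable from outside; confirm against the host and perimeter firewall rules.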

Negative Consequences of Lost or Stolen Data:
The loss or theft of proprietary data can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include:

• Temporary or permanent loss of sensitive or proprietary information.
• Disruption to regular operations.
• Financial losses incurred to restore systems and files.
• Potential harm to an organization’s reputation.

Should your agency or business need assistance with issues arising from vulnerabilities in VMware vROP including updates and/or patches, Dox can help. Please contact Dox if there is anything we can do to assist in securing your agency, business, or organization.

Thank you for your time and stay safe online.