VMware have published a Security Bulletin announcing patches for multiple vulnerabilities in vCenter Server and Cloud Foundation appliances. Exploitation of the vulnerabilities could result in the full takeover of the affected system. Exploitation is possible if the attacker can reach the affected appliance’s management port, typically 443 (HTTPS).
Proof-of-concept code is not yet known to be available for these vulnerabilities.
Jisc are not currently able to carry out Janet-wide scans for these vulnerabilities. It is recommended that vCenter not be exposed to the internet.
Vulnerable versions:
- VMware vCenter Server 7.0 prior to 7.0 U2d.
- VMware Cloud Foundation 4.x prior to 4.3.1.
- VMware vCenter Server 6.7 prior to 6.7 U3o.
- VMware Cloud Foundation 3.x prior to 3.10.2.2.
- VMware vCenter Server 6.5 prior to 6.5 U3q.
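The version list above is the practical test for whether an appliance still needs patching, and the vCenter update naming ("7.0 U2c" sorts below "7.0 U2d", and a bare "7.0 U2" sorts below "7.0 U2a") is easy to get wrong when triaging by hand. The following Python script is an added example, not part of this advisory or of any VMware or Jisc tooling: it encodes the fixed versions listed above, parses the two version formats, and flags each entry of a constructed inventory as vulnerable, patched, or outside the advisory's scope. The inventory contents, host names and the assumption that version strings take the form "major.minor [U<n>[letter]]" for vCenter and dotted numbers for Cloud Foundation are the author's own.

```python
import re

# Fixed versions taken from the advisory's "Vulnerable versions" list.
# Anything on the same branch that sorts below its entry is treated as vulnerable.
FIXED_VCENTER = {"7.0": "7.0 U2d", "6.7": "6.7 U3o", "6.5": "6.5 U3q"}
FIXED_VCF = {"4": "4.3.1", "3": "3.10.2.2"}

# Assumed vCenter version format: "major.minor" optionally followed by "U<n>" and a letter.
_VC_RE = re.compile(r"^(\d+)\.(\d+)(?:\s*U(\d+)([a-z])?)?$", re.IGNORECASE)


def vcenter_key(version: str) -> tuple:
    """Parse a vCenter version string into a sortable tuple.

    GA releases (no update) sort below U1, and "U2" (no letter) sorts below "U2a".
    """
    m = _VC_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised vCenter version: {version!r}")
    major, minor, update, letter = m.groups()
    letter_rank = (ord(letter.lower()) - ord("a") + 1) if letter else 0
    return (int(major), int(minor), int(update or 0), letter_rank)


def vcf_key(version: str) -> tuple:
    """Parse a dotted Cloud Foundation version into a tuple of integers."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Cloud Foundation version: {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(product: str, version: str):
    """Return True if the version predates the fix on its branch, False if it is
    at or above the fix, and None if the branch is not covered by the advisory."""
    if product == "vcenter":
        key = vcenter_key(version)
        fixed = FIXED_VCENTER.get(f"{key[0]}.{key[1]}")
        return None if fixed is None else key < vcenter_key(fixed)
    if product == "vcf":
        key = vcf_key(version)
        fixed = FIXED_VCF.get(str(key[0]))
        return None if fixed is None else key < vcf_key(fixed)
    raise ValueError(f"unknown product: {product!r}")


# Constructed sample inventory (host name, product, reported version).
CONSTRUCTED_INVENTORY = [
    ("vcsa-prod-01", "vcenter", "7.0 U2c"),
    ("vcsa-prod-02", "vcenter", "7.0 U2d"),
    ("vcsa-legacy", "vcenter", "6.7 U3n"),
    ("vcsa-old", "vcenter", "6.5"),
    ("vcf-mgmt", "vcf", "4.3"),
    ("vcf-lab", "vcf", "3.10.2.2"),
    ("vcsa-new", "vcenter", "8.0"),
]


def triage(inventory) -> dict:
    """Map each host to True (needs patching), False (fixed) or None (out of scope)."""
    return {name: is_vulnerable(product, version) for name, product, version in inventory}


if __name__ == "__main__":
    labels = {True: "VULNERABLE - patch now", False: "fixed", None: "not covered by advisory"}
    for host, status in triage(CONSTRUCTED_INVENTORY).items():
        print(f"{host:14} {labels[status]}")
```

Hosts flagged True should be patched or isolated to the management segment first; a None result only means the advisory does not name that branch, not that it is safe, so check the vendor bulletin for those separately.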
Recommended actions:
- Ensure vCenter, Cloud Foundation and other management interfaces are only accessible from a management network segment, with network access restricted to authorised users.
- Apply the latest updates to VMware infrastructure.
- Review the temporary workaround provided by VMware if patches cannot be applied.
- Ensure a patch management policy, with prioritisation based on business criticality, is documented and implemented within the organisation.
- Ensure those responsible for security are subscribed to key vendors’ security advisories.
Questions:
If you have any questions or concerns about this advisory, please contact us via our support desk – support@empsn.org.uk