VMware vCenter Vulnerabilities

 

VMware virtualize physical computers using its core hypervisor product. A hypervisor is a thin layer of software that interacts with the underlying resources of a physical computer (called the host) and allocates those resources to other operating systems (known as guests). Multiple virtual servers can be designed on a single host machine by virtualizing Windows servers and by connecting them to networks and clouds and by designing and implementing virtual desktop infrastructure (VDI) and by enabling template management.

VMware software allows you to run a virtual computer on your physical computer. It increases the efficiency of your computer system. You can use more applications with fewer physical computers. Enterprises often use VMware in conjunction with Cloud Computing. VMware Tools is a set of services and modules that enable several features in VMware products for better management of guests operating systems and seamless user interactions with them. VMware Tools has the ability to: Pass messages from the host operating system to the guest operating system.

VMware vCenter is advanced server management software that provides a centralized platform for controlling your VMware vSphere environments, allowing you to automate and deliver a virtual infrastructure across the hybrid cloud with confidence. vCenter plays a critical role by centralizing control and management of virtualized environments.

Vulnerability:

There are two vulnerabilities associated with VMware vCenter and they are listed below

1.    Protocol implementation allowing unauthenticated attackers to potentially trigger remote code execution.

2.    The vCenter Server contains a privilege escalation vulnerability. A malicious actor may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.

 

Affected Products:

• vCenter Server versions 7.0 and 8.0

• VMware Cloud Foundation versions 4.x and 5.x

Resolution:

It is recommended to the DevOps and System administrators to upgrade to a new version or to apply the patch provided by the Broadcom to circumvent the vulnerabilities.