Ignoring 6 RCEs Before Authentication in VMware: A Root with No Response




Security researcher Sina Kheirkhah has discovered six critical new vulnerabilities in the default configuration of a widely used VMware product that can lead to root failures. Despite not receiving a response from VMware after reaching out about the Pre-Auth RCE vulnerabilities, Kheirkhah, also known as @sinsinology, has determined that the vulnerabilities have a severity score of CVSS 9.8. The Zero Day Initiative (ZDI) has given VMware until September 6 to respond with a fix and a bounty, or else it will mark the vulnerabilities as zero-days and develop detection signatures for its customers.

Kheirkhah has not shared the specific details of the vulnerabilities, in order to prevent threat actors from weaponizing them, but it has been noted that the product is “always vulnerable to all six exploits” without any configuration required. Kheirkhah’s previous CVEs with VMware have included critical vulnerabilities such as command injections and RCE exploits, and VMware’s security team has historically been responsive.

Customers are advised to remain vigilant for a patch and to implement immediate remediation measures when one is released, as threat actors may quickly reverse engineer patches due to VMware’s widespread use in enterprise environments. VMware has not responded to requests for comment following its acquisition by Broadcom.


