Cloud computing and software giant VMware has fixed a vulnerability in its disaster recovery software that allowed attackers to move laterally across the target network and execute arbitrary code on the server with maximum permissions.
VMware vSphere Replication is a data replication tool used to create backups of virtual machines – usually for the (unlikely) event that the main virtual machine is behaving badly or reporting an error.
The bug was first discovered by Egor Dimitrenko, a cybersecurity researcher with Positive Technologies, who registered the bug as CVE-2021-21976 with a CVSS v3 score of 7.2. According to Dimitrenko, the bug could have been the result of a hastily implemented update or insufficient verification of user input, although mechanisms to prevent these attacks are generally built into developer tools.
Faulty security vulnerability
However, it is not that easy to abuse as the attackers would still need the credentials to …