A recent proof-of-concept exploit has been published for a critical vulnerability in VMware vCenter Server, designated CVE-2024-22274. This vulnerability affects the API components of the vCenter Server and has been rated as Important with a CVSSv3 base score of 7.2. The exploit targets specific API components that are vulnerable to a flag injection attack, allowing attackers to execute arbitrary commands on the target system as root user. Security researcher Matei “Mal” Badanoiu of Deloitte Romania demonstrated the vulnerability by manipulating certain API commands to inject malicious SSH flags and gain root privileges. By creating new local users with SSH access and sudo privileges, attackers could potentially gain complete control over the affected system.
VMware has acknowledged the vulnerability and recommends users to apply the necessary updates listed in their response matrix to prevent exploitation of the vulnerability. There are currently no workarounds available, emphasizing the importance of applying security patches immediately to protect systems. Maintaining up-to-date security measures in virtualization environments is crucial to prevent potential exploitation of vulnerabilities like CVE-2024-22274.
Organizations using VMware vCenter Server should review their systems and ensure that they are up-to-date with the latest security patches to minimize the risk of attacks. Users can check the current version of their vCenter Server by logging into the vSphere Client, accessing the Summary tab of the vCenter Server device, or using the appliance shell. Checking the version of the vCenter Server is essential to identify if the system is running an affected version, such as 8.0.0.10200 or earlier, which may be at risk of exploitation.
It is recommended that users apply the security updates provided by VMware as soon as possible to prevent potential attacks. Maintaining vigilance and staying up-to-date with security measures is essential in virtualization environments to protect systems from vulnerabilities like CVE-2024-22274. Remember to always prioritize cybersecurity and take proactive measures to secure your systems against potential threats.
Article Source
https://cybersecuritynews.com/VMware-vcenter-server-poc-exploit/amp/