The US cybersecurity authority CISA is warning about observed attacks on security vulnerabilities in VMware Aria Operations and VMware Tools from Broadcom, as well as XWiki. The manufacturers are providing software updates that fix the vulnerabilities being attacked on the internet.
The CISA only provides the vulnerability entries for the reported attacks. Unfortunately, it provides no information about the nature and scope of the attacks, nor helpful indicators of compromise (IOCs).
VMware Attacks
The security vulnerability exploited in VMware Aria Operations and VMware Tools was addressed by Broadcom at the end of September in a security advisory, and updated software was provided. The software contains a vulnerability that allows for privilege escalation. “Local non-administrative users with access to a VM where VMware Tools is installed and managed by VMware Aria Operations with SDMP enabled can exploit the security vulnerability to escalate…
