VMware Warns of Newly Discovered Vulnerabilities in vSphere Web Client

VMware has shipped updates to address two security
vulnerabilities in vCenter Server and Cloud Foundation that could
be abused by a remote attacker to gain access to sensitive
information.

The more severe of the issues concerns an arbitrary file read
vulnerability in the vSphere Web Client. Tracked as CVE-2021-21980,
the bug has been rated 7.5 out of a maximum of 10 on the CVSS
scoring system, and impacts vCenter Server versions 6.5 and
6.7.

“A malicious actor with network access to port 443 on vCenter
Server may exploit this issue to gain access to sensitive
information,” the company noted^[1]
in an advisory published on November 23, crediting ch0wn of Orz lab
for reporting the flaw.

The second shortcoming remediated by VMware relates to an
SSRF^[2]
(Server-Side Request Forgery) vulnerability in the Virtual storage
area network (vSAN) Web Client plug-in that could allow a malicious
actor with network access to port 443 on vCenter Server to exploit
the flaw by accessing an internal service or a URL request outside
of the server.

The company credited magiczero from SGLAB of Legendsec at
Qi’anxin Group with discovering and reporting the flaw.

SSRF attacks are a kind of web security vulnerability that
enables an adversary to read or modify internal resources that the
target server has access to by sending specially crafted HTTP
requests, resulting in the unauthorized exposure of
information.

The risks arising out of SSRF attacks are so serious and
widespread that they made it to the Open Web Application Security
Project’s (OWASP) list of Top 10^[3]
web application security risks for 2021.

With VMware’s virtualization solutions widely used across
enterprises, it’s no surprise that its products have become
lucrative^[4]
targets^[5]
for threat actors to mount a variety of attacks against vulnerable
networks. To mitigate the risk of infiltration, it’s recommended
that organisations move quickly to apply the necessary updates.