VMware delivers emergency patch for disaster recovery tool

The “high severity” bug allows arbitrary code execution.

Cloud computing and software giant VMware has patched a vulnerability in its disaster recovery software that allowed attackers lateral movement across the target network, as well as arbitrary code execution on the server with maximum privileges.

VMware vSphere Replication is a data replication tool used to create backups of virtual machines, typically for the (unlikely) case of the main virtual machine misbehaving or reporting a failure.

The flaw was first discovered by Egor Dimitrenko, a cybersecurity researcher from Positive Technologies, which registered the flaw as CVE-2021-21976 with a CVSS v3 score of 7.2. According to Dimitrenko, the flaw could have been the result of a hastily implemented update, or insufficient verification of user input, despite the fact that mechanisms to prevent these attacks are generally built into developer tools.

Flawed vulnerability

The flaw is not as easy to abuse, though, because attackers would still need credentials for the tool's administration web interface. Still, Dimitrenko says credentials could be obtained if the victims used weak passwords, or if they were targeted by a social engineering campaign.

Many of us use the same password across multiple services, and criminals are well aware of the fact. After one service gets breached and the details leak on the dark web, criminals try them out elsewhere, often successfully logging in.

If their patch management practice doesn't allow them to install the fix immediately, organizations are advised to use a Security Information and Event Management (SIEM) solution to monitor for potential signs of penetration until they implement the patch. SIEM solutions can help spot suspicious behavior on a server, register an incident or prevent lateral movement across the network, among other things.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.