Critical VMware Cloud Director Bug Could Let Hackers Takeover Entire Cloud Infrastructure
UPDATE: Industroyer2 and Pipedream ICS/SCADA Malware: DOE, CISA, NSA, and the FBI Release Joint Cybersecurity Advisory
April 18, 2022Reminder: WECC Board of Directors is Holding a Webinar Regarding Risk Priorities
April 18, 2022
Summary:
Cloud computing and virtualization technology firm VMWare on Thursday rolled out an update to resolve a critical security flaw in its Cloud Director product that could be weaponized to launch remote code execution attacks. The issue, assigned the identifier CVE-2022-22966, has a CVSS score of 9.1 out of a maximum of 10. VMware credited security researcher Jari Jääskelä with reporting the flaw.
Additional Discussion:
VMware Cloud Director, formerly known as vCloud Director, is used by many well-known cloud providers to operate and manage their cloud infrastructures and gain visibility into datacenters across sites and geographies.
The vulnerability could, in other words, end up allowing attackers to gain access to sensitive data and take over private clouds within an entire infrastructure.
Affected versions include 10.1.x, 10.2.x, and 10.3.x, with fixes available in versions 10.1.4.1, 10.2.2.3, and 10.3.3. The company has also published workarounds that can be followed when upgrading to a recommended version is not an option.
Link
https://www.vmware.com/security/advisories/VMSA-2022-0013.html
