One Article Review
| Source |  CISCO Talos |
|---|---|
| Identifiant | 7383086 |
| Date de publication | 2022-10-10 10:23:17 (vue: 2022-10-10 15:06:09) |
| Titre | Vulnerability Spotlight: Data deserialization in VMware vCenter could lead to remote code execution |
| Texte |  Marcin “Icewall” Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Cisco Talos recently discovered an exploitable data deserialization vulnerability in the VMware vCenter server platform. VMware is one of the most popular virtual machine solutions currently available, and its vCenter software allows users to manage an entire environment of VMs. The vulnerability Talos discovered is a post-authentication Java deserialization issue that could corrupt the software in a way that could allow an attacker to exploit arbitrary code on the target machine. TALOS-2022-1587 (CVE-2022-31680) is triggered if an adversary sends a specially crafted HTTP request to a targeted machine. The attacker would first have to log in with legitimate credentials to vCenter to be successful.  Cisco Talos worked with VMware to ensure that this issue is resolved and an update is available for affected customers, all in adherence to Cisco's vulnerability disclosure policy. Users are encouraged to update these affected products as soon as possible: VMware vCenter Server, version 6.5, update 3t. Talos tested and confirmed this version of vCenter could be exploited by this vulnerability. The following Snort rules will detect exploitation attempts against this vulnerability: 60433. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org. |
| Envoyé | Oui |
| Condensat | vmware cisco the users 1587 2022 31680 60433 additional adherence adversary affected against all allow allows arbitrary are attacker attempts authentication available blog center change cisco code confirmed corrupt could crafted credentials current currently customers cve data deserialization detect disclosure discovered encouraged ensure entire environment execution exploit exploitable exploitation exploited firepower first following future have http information issue its java jon lead legitimate log machine manage management marcin may most munshaw noga one org pending platform please policy popular possible: post products recently refer released remote request resolved rule rules sends server snort software solutions soon specially spotlight: subject successful talos target targeted tested these triggered update users vcenter version virtual vms vmware vulnerability vulnerability: way will worked would your “icewall” |
| Tags | Vulnerability |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.