VMware has issued a security advisory update, warning of an exploit code that targets a critical vulnerability in VMware Aria Operations for Logs (formerly known as vRealize Log Insight). This vulnerability allows remote attackers to execute arbitrary code with root privileges without the need to log in.
In April, VMware addressed two security gaps in the cloud analysis tool. One of the vulnerabilities, classified as “critical,” involves deserialization and enables intruders to run any code as root. However, the manufacturer has not provided any further details about this vulnerability. The second vulnerability, classified as “high,” allows malicious actors with administrative privileges to run arbitrary commands as the root user.
Exploit code for the deserialization vulnerability has recently been discovered. VMware confirms that this exploit code has been published, indicating that cybercriminals may soon gain access to it. Although there have been no known instances of misuse so far, VMware urges IT managers to download and install the available update without delay.
The recommended update is either VMware Aria Operations for Logs 8.12 release, which addresses the vulnerability, or an update to VMware Cloud Foundation 4.5.1 or newer. By taking these proactive measures, organizations can protect their systems from potential attacks exploiting this critical vulnerability.