VMware fixed flaws in vROps that can be chained to compromise organizations

Pierluigi Paganini April 01, 2021

VMware addressed two vulnerabilities in its vRealize Operations (vROps) product that can expose organizations to a significant risk of attacks

The vROps delivers self-driving IT operations management for private, hybrid, and multi-cloud environments in a unified, AI-powered platform.

Security researcher Egor Dimitrenko from Positive Technologies discovered a server-side request forgery (SSRF) vulnerability tracked as CVE-2021-21975 and an arbitrary file write issue tracked as CVE-2021-21983.

The CVE-2021-21975 is a Server Side Request Forgery in vRealize Operations Manager API rated as “Important’ severity which received a CVSSv3 base score of 8.6.

The flaw can be exploited by an attacker with network access to the vRealize Operations Manager API to perform to steal administrative credentials.

The CVE-2021-21983 vulnerability is an arbitrary file write vulnerability that affects in vRealize Operations Manager API that was evaluated as ‘Important’ severity with a CVSSv3 base score of 7.2.

The flaw can be exploited by an authenticated attacker with network access to the vRealize Operations Manager API to write files to arbitrary locations on the underlying photon operating system.

The two vulnerabilities could be chained by a remote attacker to execute arbitrary code on a server giving and carry out multiple attacks on a company’s infrastructure.

“On March 30, Positive Technologies published a tweet highlighting the vulnerabilities discovered by Dimitrenko. The tweet disclosed a further risk to unpatched systems in which attackers could achieve unauthenticated RCE on vulnerable systems by chaining both CVE-2021-21975 and CVE-2021-21983 together.” reported Tenable. “No details have been shared publicly as to how this can be achieved, but we anticipate researchers or threat actors to develop a proof-of-concept (PoC) exploit in the near future.”

VMware released the following updates for vRealize Operations to fix the above flaws:

Affected ProductVulnerable VersionFixed VersionKB Article
vRealize Operations Manager8.3.0vROps-8.3.0-HF3KB83210
vRealize Operations Manager8.2.0vROps-8.2.0-HF4KB83095
vRealize Operations Manager8.1.1, 8.1.0vROps-8.1.1-HF6KB83094
vRealize Operations Manager8.0.1, 8.0.0vROps-8.0.1-HF7KB83093
vRealize Operations Manager7.5.0vROps-7.5.0-HF14KB82367

The virtualization giant has also provided workaround instructions for CVE-2021-21975 and CVE-2021-21983 that involve modifying the casa-security-context.xml file and restarting the Cluster Analytic (CaSA) service.

Experts urge organizations using vROps to install security patches to address the above vulnerabilities as soon as possible to mitigate the risk of cyber attacks exploiting them.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, RCE)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment