Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

VMware is going to fix recent Salt issues in vROps

VMware is going to address vulnerabilities impacting the vRealize Operations Manager (vROps) product, including two recently disclosed Salt issues. Recently, researchers from F-Secure disclosed a number of vulnerabilities in the “Salt” framework, including two issues that have been exploited by attackers to take over Salt installations. The two flaws, tracked as CVE-2020-11651 and CVE-2020-11652, are a directory […]

VMware vROps

VMware is going to address vulnerabilities impacting the vRealize Operations Manager (vROps) product, including two recently disclosed Salt issues.

Recently, researchers from F-Secure disclosed a number of vulnerabilities in the “Salt” framework, including two issues that have been exploited by attackers to take over Salt installations.

The two flaws, tracked as CVE-2020-11651 and CVE-2020-11652, are a directory traversal issue and an authentication bypass vulnerability respectively. Chaining the issue, an attacker could bypass authentication and run arbitrary code on Salt master servers exposed online.

Administrators of Salt servers reported attacks exploiting the above vulnerabilities last week, threat actors used them to deliver backdoors and miners.

Several organizations disclosed data breaches that involved exploitation of the above flaws, including LineageOS, Ghost, and DigiCert.

According to VMware, the Application Remote Collector (ARC) feature implemented in vROps 7.5 uses the Salt framework. The company rated as critical severity the authentication bypass flaw and as important severity the directory traversal issue.

“The Application Remote Collector (ARC) introduced with vRealize Operations Manager 7.5 utilizes Salt which is affected by CVE-2020-11651 and CVE-2020-11652. VMware has evaluated CVE-2020-11651 (Authentication Bypass) to be in the Critical severity range with a maximum CVSSv3 base score of 10.0 and CVE-2020-11652 (Directory Traversal) to be in the Important severity range with a maximum CVSSv3 base score of 7.5.” reads the advisory published by VMWare.

“CVE-2020-11651 (Authentication Bypass) may allow a malicious actor with network access to port 4505 or 4506 on the ARC to take control of the ARC and any Virtual Machines the ARC may have deployed a Telegraf agent to. CVE-2020-11652 (Directory Traversal) may allow a malicious actor with network access to port 4505 or 4506 on the ARC to access the entirety of the ARC filesystem,”

vROps 8.1.0, 8.0.x and 7.5.0 versions are affected by the vulnerabilities, VMware announced that it plans to release security patches are soon as possible. The virtualization giant has provided workarounds to mitigate the issues.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Facebook, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]