VMware Patches Vulnerability on View PlannerResearchers Say Exploit Could Enable Remote Code Execution
VMware has issued patches for a critical vulnerability in its virtual desktop deployment platform, View Planner, which could enable remote code execution.
The vulnerability, CVE-2021-21978, has a CVSS ranking of 8.6, considered highly critical. The flaw is caused by improper input validation and lack of authorization, resulting in arbitrary file upload in VMware's View Planner web application.
"An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the log upload container," VMware notes.
VMware issued patches for the vulnerability on Tuesday and urged affected customers to immediately apply the fixes. The flaw was identified by a researcher at security firm Positive Technologies.
Nation-state hackers and others can potentially leverage highly critical vulnerabilities for large-scale compromises, security experts say.
"Vulnerabilities are the kryptonite of the software world; they are hard to locate, hard to weaponize, and extremely dangerous," says Jonathan Knudsen, senior security strategist at the security firm Synopsys. "Nation-states favor software-based attacks to further their geopolitical interests for the same reasons that criminals favor software-based attacks."
Satnam Narang, a staff research engineer at Tenable, notes: "Other vulnerabilities can be chained together by a determined threat actor to facilitate a further compromise of the targeted organization’s network. Threat actors can leverage these vulnerabilities in the coming days and weeks, which is why it is critically important for organizations to apply these patches immediately."
Security researchers have previously identified critical vulnerabilities in VMware devices.
In February, Positive Technologies noted that more than 6,000 VMware vCenter devices worldwide were susceptible to a critical remote code execution vulnerability. VMware has issued recommendations for patching the flaw (see: 6,000 VMware vCenter Devices Vulnerable to Remote Attacks).
In December 2020, the U.S. National Security Agency warned that Russian state-sponsored threat actors were attempting to exploit a vulnerability in several VMware products (see: NSA: Russian Hackers Exploiting VMware Vulnerability).