Governance & Risk Management , IT Risk Management , Patch Management

VMware Patches Vulnerability on View Planner

Researchers Say Exploit Could Enable Remote Code Execution
VMware Patches Vulnerability on View Planner

VMware has issued patches for a critical vulnerability in its virtual desktop deployment platform, View Planner, which could enable remote code execution.

See Also: Live Webinar | Securing the Cloud: Mitigating Vulnerabilities for Government

The vulnerability, CVE-2021-21978, has a CVSS ranking of 8.6, considered highly critical. The flaw is caused by improper input validation and lack of authorization, resulting in arbitrary file upload in VMware's View Planner web application.

"An unauthorized attacker with network access to View Planner Harness could upload and execute a specially crafted file leading to remote code execution within the log upload container," VMware notes.

VMware issued patches for the vulnerability on Tuesday and urged affected customers to immediately apply the fixes. The flaw was identified by a researcher at security firm Positive Technologies.

Exploit Risk

Nation-state hackers and others can potentially leverage highly critical vulnerabilities for large-scale compromises, security experts say.

"Vulnerabilities are the kryptonite of the software world; they are hard to locate, hard to weaponize, and extremely dangerous," says Jonathan Knudsen, senior security strategist at the security firm Synopsys. "Nation-states favor software-based attacks to further their geopolitical interests for the same reasons that criminals favor software-based attacks."

Satnam Narang, a staff research engineer at Tenable, notes: "Other vulnerabilities can be chained together by a determined threat actor to facilitate a further compromise of the targeted organization’s network. Threat actors can leverage these vulnerabilities in the coming days and weeks, which is why it is critically important for organizations to apply these patches immediately."

Past Threats

Security researchers have previously identified critical vulnerabilities in VMware devices.

In February, Positive Technologies noted that more than 6,000 VMware vCenter devices worldwide were susceptible to a critical remote code execution vulnerability. VMware has issued recommendations for patching the flaw (see: 6,000 VMware vCenter Devices Vulnerable to Remote Attacks).

In December 2020, the U.S. National Security Agency warned that Russian state-sponsored threat actors were attempting to exploit a vulnerability in several VMware products (see: NSA: Russian Hackers Exploiting VMware Vulnerability).

About the Author

Akshaya Asokan

Akshaya Asokan

Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.