{"id":2593,"date":"2021-06-07T10:07:38","date_gmt":"2021-06-07T08:07:38","guid":{"rendered":"https:\/\/fortgale.com\/news\/?p=2593"},"modified":"2021-06-07T10:07:38","modified_gmt":"2021-06-07T08:07:38","slug":"vulnerabilita-vcenter-vmware","status":"publish","type":"post","link":"https:\/\/fortgale.com\/blog\/cyber-security-news\/vulnerabilita-vcenter-vmware\/","title":{"rendered":"VMware vCenter Vulnerability"},"content":{"rendered":"\n<p style=\"text-align: justify\">A <em>Remote Command Execution<\/em> vulnerability has been identified in VMware vCenter products. The vulnerability has been assigned a score of 9.8 (<a href=\"https:\/\/www.vmware.com\/security\/advisories\/VMSA-2021-0010.html?irclickid=UaYwS1QFuxyLUTH0WlXSvXJOUkBwSER5F2lmyE0&amp;utm_source=affiliate&amp;utm_medium=ONLINE_TRACKING_LINK_&amp;utm_campaign=Online%20Tracking%20Link&amp;utm_term=Network_Skimbit%20Ltd.&amp;irgwc=1\" class=\"ek-link\">official advisory<\/a>). CVE: 2021-21985, 2021-21986<\/p>\n<p style=\"text-align: justify\">The vulnerability allows potential attackers to access vulnerable servers and execute privileged commands to compromise the system.\u00a0<\/p>\n\n\n\n<div class=\"wp-block-group alignwide\"><div class=\"wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow\">\n<h2 class=\"has-text-align-center wp-block-heading\">Vulnerable systems<\/h2>\n\n\n\n<div class=\"wp-block-media-text alignwide\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2021\/06\/image-8.png\" alt=\"\" class=\"wp-image-2599\" loading=\"lazy\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p style=\"text-align: justify\">vCenter Server systems are products often used inside the corporate network. 
When this vulnerability sits inside the perimeter, its exposure is reduced to internal access only.<\/p>\n<p>The vulnerability is critical because an attacker with network access to port 443 can gain access to the VMware server.<\/p>\n\n\n\n<p style=\"text-align: justify\">Systems potentially exposed on the public network can be identified. In <strong>Italy, potentially 143 <\/strong>are vulnerable. <strong>Worldwide, about 5,000<\/strong>.<br \/>Security patches must be applied; to mitigate the risk, restricting access from the internet is recommended.<\/p>\n<\/div><\/div>\n<\/div><\/div>\n\n\n\n<h2 class=\"has-text-align-center wp-block-heading\">Vulnerability details<\/h2>\n\n\n\n<h5 class=\"wp-block-heading\">Detail:<\/h5>\n\n\n\n<p style=\"text-align: justify\">The vSphere Client&nbsp;(HTML5) contains a remote code execution vulnerability&nbsp;due to lack of input validation in the Virtual SAN Health Check plug-in,&nbsp;which is enabled by default in&nbsp;vCenter Server.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">How it could be exploited:<\/h5>\n\n\n\n<p style=\"text-align: justify\">An attacker with access to port 443 could exploit this vulnerability to execute commands on the vCenter Server.&nbsp;<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">Vulnerable systems in detail:<\/h5>\n\n\n\n<figure class=\"wp-block-table alignwide\"><table class=\"\"><tbody><tr><td>Product<\/td><td>Version<\/td><td>Running On<\/td><td>CVE Identifier<\/td><td>CVSSv3<\/td><td>Severity<\/td><td>Fixed Version<\/td><td>Workarounds<\/td><td>Additional Documentation<\/td><\/tr><tr><td>vCenter Server<\/td><td>7.0<\/td><td>Any<\/td><td>CVE-2021-21985<\/td><td><a 
href=\"https:\/\/www.first.org\/cvss\/calculator\/3.1#CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H\" target=\"_blank\" rel=\"noreferrer noopener\">9.8<\/a><\/td><td>Critical&nbsp;<\/td><td><a href=\"https:\/\/docs.vmware.com\/en\/VMware-vSphere\/7.0\/rn\/vsphere-vcenter-server-70u2b-release-notes.html\" target=\"_blank\" rel=\"noreferrer noopener\">7.0 U2b<\/a><\/td><td><a href=\"https:\/\/kb.vmware.com\/s\/article\/83829\" target=\"_blank\" rel=\"noreferrer noopener\">KB83829<\/a><\/td><td><a href=\"https:\/\/via.vmw.com\/vmsa-2021-0010-faq\" target=\"_blank\" rel=\"noreferrer noopener\">FAQ<\/a><\/td><\/tr><tr><td>vCenter Server<\/td><td>6.7<\/td><td>Any<\/td><td>CVE-2021-21985<\/td><td><a href=\"https:\/\/www.first.org\/cvss\/calculator\/3.1#CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H\" target=\"_blank\" rel=\"noreferrer noopener\">9.8<\/a><\/td><td>Critical&nbsp;<\/td><td><a href=\"https:\/\/docs.vmware.com\/en\/VMware-vSphere\/6.7\/rn\/vsphere-vcenter-server-67u3n-release-notes.html\" target=\"_blank\" rel=\"noreferrer noopener\">6.7 U3n<\/a><\/td><td><a href=\"https:\/\/kb.vmware.com\/s\/article\/83829\" target=\"_blank\" rel=\"noreferrer noopener\">KB83829<\/a><\/td><td><a href=\"https:\/\/via.vmw.com\/vmsa-2021-0010-faq\" target=\"_blank\" rel=\"noreferrer noopener\">FAQ<\/a><\/td><\/tr><tr><td>vCenter Server<\/td><td>6.5<\/td><td>Any<\/td><td>CVE-2021-21985<\/td><td><a href=\"https:\/\/www.first.org\/cvss\/calculator\/3.1#CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H\" target=\"_blank\" rel=\"noreferrer noopener\">9.8<\/a><\/td><td>Critical&nbsp;<\/td><td><a href=\"https:\/\/docs.vmware.com\/en\/VMware-vSphere\/6.5\/rn\/vsphere-vcenter-server-65u3p-release-notes.html\" target=\"_blank\" rel=\"noreferrer noopener\">6.5 U3p<\/a><\/td><td><a href=\"https:\/\/kb.vmware.com\/s\/article\/83829\" target=\"_blank\" rel=\"noreferrer noopener\">KB83829<\/a><\/td><td><a href=\"https:\/\/via.vmw.com\/vmsa-2021-0010-faq\" target=\"_blank\" 
rel=\"noreferrer noopener\">FAQ<\/a><\/td><\/tr><\/tbody><\/table><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>Vulnerable systems Vulnerability details Detail: How it could be exploited: Vulnerable systems in detail: Product Version Running On CVE Identifier CVSSv3 Severity Fixed Version Workarounds Additional Documentation vCenter Server 7.0 Any CVE-2021-21985 9.8 Critical&nbsp; 7.0 U2b KB83829 FAQ vCenter Server 6.7 Any CVE-2021-21985 9.8 Critical&nbsp; 6.7 U3n KB83829 FAQ vCenter Server 6.5 Any CVE-2021-21985 9.8 Critical&nbsp; [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2599,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[14,15,87,89,264,287,310,316,372,378],"class_list":["post-2593","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security-news","tag-2021-21985","tag-2021-21986","tag-critical","tag-cve","tag-patch","tag-rce","tag-server","tag-shodan","tag-vcenter","tag-vmware"],"_links":{"self":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/2593","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/comments?post=2593"}],"version-history":[{"count":0,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/2593\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/media?parent=2593"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/categories?
post=2593"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/tags?post=2593"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}