These VMware products can remotely execute code, so update now

By Scott Marlette Last updated Jan 17, 2023

Cybersecurity researchers from the Horizon3 Attack Team have announced plans to release a proof-of-concept (PoC) exploit for a critical vulnerability discovered in a number of VMware products.

Having a PoC released means cybercriminals will get an easy explanation of how to exploit a flaw, which could result in a strong rise in successful breaches.

The flaw in question is tracked as CVE-2022-47966, a vulnerability that allows threat actors to remotely execute code in ManageEngine servers that have had the SAML-based single-sign-on (SSO) enabled at some point in the past (so turning the feature off will solve nothing). The vulnerable endpoints are using an outdated third-party dependency called Apache Santuario, the researchers said, adding that the attackers need not authenticate in order to run the code remotely.

Spray and pray

“The vulnerability is easy to exploit and a good candidate for attackers to ‘spray and pray’ across the Internet. This vulnerability allows for remote code execution as NT AUTHORITYSYSTEM, essentially giving an attacker complete control over the system,” the researchers warned.

“If a user determines they have been compromised, additional investigation is required to determine any damage an attacker has done. Once an attacker has SYSTEM level access to the endpoint, attackers are likely to begin dumping credentials via LSASS or leverage existing public tooling to access stored application credentials to conduct lateral movement.”

Although almost all ManageEngine products are vulnerable to the flaw, parent company Zoho was said to have already released a patch.

Using Shodan to search for unpatched endpoints, the researchers found “thousands” of vulnerable ManageEngine products, instances of ServiceDesk Plus and Endpoint Central.

Right now, there are no reports of CVE-2022-47966 being exploited in the wild, but if IT admins don’t patch the vulnerability on time, we can expect such reports to start pouring in sooner rather than later.

Via: BleepingComputer (opens in new tab)

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.