What would you like first....the good news or the bad news?
Let’s get the bad news out of the way first. Shall we?
The bad news is that ZDNet reported that RCE is BACK. “Once again, if a malicious actor can hit port 443 on vCenter Server, it's goodnight nurse”.
If you haven't patched your vCenter recently you need to do so at the earliest opportunity because VMware has warned of a file upload vulnerability in the analytics service of the vCenter Server.
The vulnerability has a CVSSv3 score of 9.8 - so it’s important that you do something about it.
Otherwise, attackers could “gain access to a user account in the platform, thus rendering any post-auth vulnerability exploitable without authentication."
This means hackers can gain post-authorization access to the management of the server, allowing them to carry out any exploits they wish as if they were the admin of the system.
The good news is that there is a solution to these problems. You can protect the management ports from unauthorized access thereby removing the ability to get post-auth privileges.
BlastWave’s solution, VMShield, can protect your VMware systems, as well as your production/application servers by deploying as a software gateway that makes your virtual platforms invisible.
Only users who have been authorized and authenticated via our password-less, biometric, multi-factor authentication process, will be granted visibility.
For more information on VMshield, go to www.blastwave.io/vmshield