Mirage News
Mirage News
National
 Date Time

Multiple Vulnerabilities in VMware vRealize Hyperic monitoring and performance management product

Australian Cyber Security Centre

Background / What has happened?

The ACSC has identified three previously unreported vulnerabilities in VMware Hyperic Server and VMware Hyperic Agent.

  • CVE-2022-38650: A remote unauthenticated insecure deserialisation vulnerability in VMWare Hyperic Server. Exploitation of this vulnerability enables a malicious party to run arbitrary code or malware within Hyperic Server and the host operating system with the privileges of the Hyperic server process.
  • CVE-2022-38651: A security filter misconfiguration in VMWare Hyperic Server. Exploitation of this vulnerability enables a malicious party to bypass some authentication requirements when issuing requests to Hyperic Server.
  • CVE-2022-38652: A remote post-authentication insecure deserialisation vulnerability in VMWare Hyperic Agent. Exploitation of this vulnerability enables a malicious party to run arbitrary code or malware within a Hyperic Agent instance and its host operating system with the privileges of the Hyperic Agent process (often SYSTEM on Windows platforms). While this vulnerability is post-authentication, prior exploitation of CVE-2022-38650 results in the disclosure of the authentication material required to exploit this vulnerability.

The combined impact of these vulnerabilities is that an unauthenticated malicious party, with network connectivity to Hyperic Server, is able to execute arbitrary code or malware within Hyperic Server and on any connected Hyperic Agent installations (often with SYSTEM privileges). Hyperic Server is commonly configured to communicate with other VMWare services and authentication providers (Active Directory, LDAP). It is possible that credentials to these services may be compromised following exploitation of Hyperic Server, resulting in further exploitation of an organisation's virtualisation and directory services.

Mitigation / How do I stay secure?

The ACSC understands that VMware Hyperic has reached End of General Support/End of Life (EOL), further updates or patches to address the vulnerabilities identified in this advisory will not be released. VMWare recommends customers upgrade to more recent suites of their products that do not include Hyperic Server.

The ACSC recommends that VMWare Hyperic Server and VMWare Hyperic Agent installations be removed from affected networks.

As the product must be reachable via the network from any monitored hosts, the ACSC does not believe restricting network connectivity to Hyperic Server to be an effective mitigation.

Assistance / Where can I go for help?

/Public Release. This material from the originating organization/author(s) might be of the point-in-time nature, and edited for clarity, style and length. Mirage.News does not take institutional positions or sides, and all views, positions, and conclusions expressed herein are solely those of the author(s).View in full here.
Tags: , , , , , , , , , , , ,

You might also like

Zombie Stars: White Dwarfs and Stellar Resurrection
Biomimicry in Fashion: How Nature Inspires Material Innovation
Power of Play: Leisure & Recreation Impact Across Ages
Salt Paradox: Essential Mineral You Shouldn't Have Much Of
Super Animals: Real-Life Creatures with Extraordinary Abilities
Cognitive Offloading: How Technology Changing Our Brains