vCloud Director vulnerability allows attackers to compromise the networks of enterprises using VMware

A group of database activity monitoring specialists has disclosed a critical vulnerability in Cloud Director, a cloud resource deployment, automation and management platform developed by VMware. Exploiting this vulnerability would allow threat actors to access sensitive information and take control of private cloud deployments across an entire infrastructure.

The security report mentions that the vulnerability can be exploited through the HTML5- and Flex-based user interfaces, the Explorer API interface, and API access. The flaw is present in versions 10.0.x earlier than 10.0.0.2, 9.7.0.x earlier than 9.7.0.5 and 9.1.0.x earlier than 9.1.0.4.

Database activity monitoring specialists from the Czech firm Citadelo discovered the vulnerability after a company (whose name was not revealed, but which is known to be on the Fortune 500 list) hired them to conduct a security audit of its cloud infrastructure. The cybersecurity firm also published a proof of concept demonstrating exploitation of the flaw.

“We discovered the flaw from a simple anomaly; when you enter ${7*7} as the host name for the SMTP server in vCloud Director, we sense an error: the string value is in an invalid format, indicating some form of expression language injection. We were able to evaluate simple server-side functions,” the Citadelo report says.

According to the database activity monitoring experts, using this condition as an entry point, arbitrary Java classes (such as “java.io.BufferedReader”) can be accessed and instantiated by sending malicious payloads to the vulnerable software. In their proof of concept, the researchers were able to:

  • View the contents of the system database, including password hashes of the clients assigned to the deployment
  • Modify the system database to access virtual machines
  • Escalate privileges from “Organization Administrator” to “System Administrator”
  • Modify the Cloud Director login page, allowing attackers to capture other customers’ passwords
  • Access other sensitive customer-related data, such as full names, email addresses, or IP addresses
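The root cause described above is a configuration field (the SMTP host name) whose value reached an expression-language evaluator instead of being treated as plain data. The following is an added example, not code from Citadelo or VMware, showing the two defensive controls a practitioner would want around such a field: a strict allowlist validator that accepts only a syntactically valid hostname (so a string like ${7*7} is rejected before any templating layer sees it), and a detector that scans configuration-change audit records for expression-language delimiters. The audit log format and the sample lines are constructed for this example; they are not real vCloud Director output.

```python
import re

# RFC 1123 hostname grammar: labels of letters, digits and hyphens, 1-63 chars,
# not starting or ending with a hyphen, joined by dots, at most 253 chars total.
_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

# Expression-language delimiters that must never appear in a hostname.
# ${...} and #{...} are the immediate and deferred forms of Java EL.
_EL_PROBE = re.compile(r"[$#]\{[^}]*\}")


def validate_hostname(value: str) -> tuple:
    """Allowlist check for an SMTP (or any other) hostname configuration field.

    Returns (accepted, reason). Anything that is not a syntactically valid
    hostname is rejected, so the value can never reach a templating or EL layer.
    """
    if not value or len(value) > 253:
        return False, "empty or too long"
    if _EL_PROBE.search(value):
        return False, "expression-language delimiters present"
    labels = value.rstrip(".").split(".")
    for label in labels:
        if not _LABEL.match(label):
            return False, f"invalid label {label!r}"
    return True, "ok"


# Constructed audit record layout (hypothetical): "<ts> <user> field=<name> value=<raw>"
_RECORD = re.compile(r"^(?P<ts>\S+) (?P<user>\S+) field=(?P<field>\S+) value=(?P<value>.*)$")


def find_el_probes(log_lines):
    """Flag configuration-change records whose new value carries EL syntax.

    Returns a list of (user, field, value) tuples for the suspicious lines.
    A single ${7*7} written into a hostname field is exactly the anomaly that
    revealed the flaw, so it is worth an alert on its own.
    """
    hits = []
    for line in log_lines:
        m = _RECORD.match(line)
        if not m:
            continue  # unrelated or malformed line
        if _EL_PROBE.search(m["value"]):
            hits.append((m["user"], m["field"], m["value"]))
    return hits


# Constructed sample audit lines, not real product output.
SAMPLE_LOG = [
    "2020-05-01T10:00:00Z orgadmin field=smtp.host value=mail.example.com",
    "2020-05-01T10:00:05Z orgadmin field=smtp.host value=${7*7}",
    "2020-05-01T10:00:09Z orgadmin field=smtp.host value=#{7*7}",
    "2020-05-01T10:01:00Z sysadmin field=smtp.port value=587",
]

if __name__ == "__main__":
    for candidate in ["mail.example.com", "${7*7}", "-bad.example", "a" * 64 + ".com"]:
        print(f"{candidate!r}: {validate_hostname(candidate)}")
    for hit in find_el_probes(SAMPLE_LOG):
        print("suspicious config change:", hit)
```

The validator is deliberately an allowlist rather than a blocklist of dangerous characters: the EL check is only a fast path for a clearer error message, and the hostname grammar alone already rejects braces, dollar signs and hashes. The detector covers both EL forms because a blocklist that only knows ${...} would miss the deferred #{...} syntax.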

VMware acknowledged the report and announced the release of the relevant fixes, which are already available. The company fixed the flaws in a number of updates covering versions 9.1.0.4, 9.5.0.6, 9.7.0.5 and 10.0.0.2. The company also published a workaround on its website.

For further reports on vulnerabilities, exploits, malware variants, and computer security risks, cybersecurity awareness experts recommend visiting the International Institute of Cyber Security (IICS) website, as well as official technology company platforms.