VMware is a virtualization and cloud computing vendor used by many companies worldwide. VMware recently announced an update that patches a vulnerability related to the Log4j shell flaw in its Horizon servers. Successful exploitation could allow an attacker to execute remote code and install web shells on a device. Barracuda recommends ensuring that all VMware Horizon servers are updated to their latest versions so that the security patches are applied.
Technical Detail & Additional Information
WHAT IS THE THREAT?
CVE-2021-44228: This is a Remote Code Execution Vulnerability that has been widely exploited since it was discovered in early December of 2021. If leveraged, an attacker could potentially use this to execute remote commands, which would enable them to run anything they wanted on a vulnerable device. This could lead to data leakage, or even complete system compromise, which can lead to denial of service.
WHY IS IT NOTEWORTHY?
The Log4Shell (Log4j) vulnerability is very well known to attackers at this point, and its presence in a product from a company as widely used and known as VMware creates a huge target for threat actors. Thousands of individuals and businesses use and trust VMware products. Because VMware products are so widely used, and the Log4j vulnerability has been so widely and easily exploited over the last few months, the pool of potential targets for attackers is large. It is very important to update these services immediately, and to keep updating them regularly, so that patches preventing exploitation of these vulnerabilities are applied.
WHAT IS THE EXPOSURE OR RISK?
The Log4j vulnerability, if exploited, could allow attackers to execute remote code on a device. Remote code execution attacks could lead to several possible compromises, such as data leakage, denial of service, and even complete system compromise. VMware Horizon servers are relied on by many businesses, and if one of these machines were compromised, attackers could gain access to sensitive information by executing arbitrary system commands and could even create or delete files. Many companies rely on VMware servers remaining private and on being able to use them to conduct everyday business. It only takes one line of text to trigger this attack, and many VMware Horizon servers are still running vulnerable software versions, so it is very important to apply the updates that patch these vulnerabilities.
WHAT ARE THE RECOMMENDATIONS?
VMware has released patches for these vulnerabilities. The Log4Shell vulnerabilities are patched in Horizon versions 2111, 7.13.1, and 7.10.3. Barracuda recommends ensuring all VMware Horizon servers are updated to those versions.
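To act on this recommendation across a fleet, the following added example (not Barracuda or VMware code) sorts an inventory of Horizon version strings against the three fixed releases named above. It assumes 2111 belongs to a YYMM-numbered release line and that 7.10.x and 7.13.x are separate 7.x lines; the host names and sample versions are constructed.

```python
import re

# Fixed releases named in the advisory. Assumption of this example: 2111 is
# the YYMM-numbered line; 7.10.x and 7.13.x are separate 7.x lines.
FIXED_YYMM = 2111
FIXED_7X = {(7, 10): 3, (7, 13): 1}


def classify(version):
    """Return 'patched', 'update' or 'review' for a Horizon version string."""
    v = version.strip()
    if re.fullmatch(r"\d{4}(\.\d+)*", v):  # YYMM line, e.g. 2106 or 2111.1
        return "patched" if int(v[:4]) >= FIXED_YYMM else "update"
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:\.\d+)*", v)
    if not m:
        return "review"  # unparseable: check the host by hand
    line = (int(m.group(1)), int(m.group(2)))
    if line not in FIXED_7X:
        return "review"  # the advisory names no fixed build for this line
    patch = int(m.group(3) or 0)
    return "patched" if patch >= FIXED_7X[line] else "update"


def triage(inventory):
    """Map each host to its status; inventory is (host, version) pairs."""
    return {host: classify(ver) for host, ver in inventory}


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = [
    ("cs-01", "2111"),
    ("cs-02", "2106"),
    ("cs-03", "7.13.1"),
    ("cs-04", "7.13.0"),
    ("cs-05", "7.10.2"),
    ("cs-06", "7.12.0"),
    ("cs-07", "unknown"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts marked "review" run a release line for which the advisory names no fixed build, or report a version the script cannot parse, and need a manual check against the vendor guidance.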
For more in-depth information about the recommendations, please visit the following links:
If you have any questions, please contact our Security Operations Center.