VMware fixes critical RCE bug in vRealize Business for Cloud

VMware has released security updates to address a critical severity vulnerability in vRealize Business for Cloud that enables unauthenticated attackers to remotely execute malicious code on vulnerable servers.

vRealize Business for Cloud is an automated cloud business management solution designed to provide IT teams with cloud planning, budgeting, and cost analysis tools.

The security vulnerability is tracked as CVE-2021-21984, and it impacts virtual appliances running VMware vRealize Business for Cloud prior to version 7.6.0.

The issue was discovered and reported to VMware by Positive Technologies web security researcher Egor Dimitrenko.

Exploitable upgrade APIs in the management interface

Attackers can exploit this security flaw using management interface (VAMI) upgrade APIs to gain access to unpatched vRealize Business for Cloud Virtual Appliances.

"VMware vRealize Business for Cloud contains a remote code execution vulnerability due to an unauthorised end point," the company explains.

"VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8."

This critical RCE vulnerability can be exploited by attackers remotely in low complexity attacks, without requiring authentication or user interaction.

VMware has released VMware vRealize Business for Cloud 7.6.0 to patch this security issue and recommends taking snapshots before applying the security patch.

How to patch vulnerable appliances

To fix the vulnerability on virtual appliances running vulnerable vRealize Business for Cloud versions, you will have to first download the Security Patch ISO file from the VMware Downloads page.

Next, you will have to go through the following steps to complete the upgrade process:

1. Connect the vRealize Business for Cloud  Server Appliance CD-ROM drive to the ISO file that you downloaded.
2. Log in to VAMI portal of vRealize Business for Cloud using root credentials
3. Click on the Update tab of the VAMI UI.
4. Click on the Settings under Update tab.
5. Select Use CDROM Updates under Update Repository and mount the path where you have uploaded ISO file and Save Settings.
6. Click on Install Updates under Status tab to upgrade to this build.

Admins should update appliances as soon as possible since VMware vulnerabilities have been exploited in the past by both state-sponsored hacking groups and ransomware attacks targeting enterprise networks.

In December, the National Security Agency (NSA) warned that Russian state-sponsored threat actors exploited a VMware Workspace One zero-day vulnerability to steal sensitive information after deploying web shells on vulnerable servers.

Multiple ransomware gangs, including RansomExx, Babuk Locker, and Darkside, have also used pre-auth RCE exploits to encrypt VMWare ESXi instances' virtual hard disks [1, 2] used by enterprises as centralized storage space.