-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.1640
             VMware vRealize Operations Manager vulnerabilities
                                 11 May 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           VMware vRealize Operations Manager
Publisher:         VMware
Operating System:  Virtualisation
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Unauthorised Access            -- Remote/Unauthenticated
                   Access Confidential Data       -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-11652 CVE-2020-11651
Reference:         ESB-2020.1607.2
                   ESB-2020.1547

Original Bulletin:
   https://www.vmware.com/security/advisories/VMSA-2020-0009.html

- --------------------------BEGIN INCLUDED TEXT--------------------

VMware Security Advisories

+---------+-------------------------------------------------------------------+
|Advisory |VMSA-2020-0009                                                     |
|ID       |                                                                   |
+---------+-------------------------------------------------------------------+
|Advisory |Critical                                                           |
|Severity |                                                                   |
+---------+-------------------------------------------------------------------+
|CVSSv3   |7.5 - 10.0                                                         |
|Range    |                                                                   |
+---------+-------------------------------------------------------------------+
|         |VMware vRealize Operations Manager addresses Authentication Bypass |
|Synopsis |and Directory Traversal vulnerabilities (CVE-2020-11651,           |
|         |CVE-2020-11652)                                                    |
+---------+-------------------------------------------------------------------+
|Issue    |2020-05-08                                                         |
|Date     |                                                                   |
+---------+-------------------------------------------------------------------+
|Updated  |2020-05-08 (Initial Advisory)                                      |
|On       |                                                                   |
+---------+-------------------------------------------------------------------+
|CVE(s)   |CVE-2020-11651, CVE-2020-11652                                     |
+---------+-------------------------------------------------------------------+

1. Impacted Products

VMware vRealize Operations Manager

2. Introduction

Two vulnerabilities were disclosed in Salt, an open source project by
SaltStack, which have been determined to affect VMware vRealize Operations
Manager. Workarounds are available to address these vulnerabilities in
affected VMware products.

3. VMware vRealize Operations Manager (vROps) addresses Authentication Bypass
(CVE-2020-11651) and Directory Traversal (CVE-2020-11652) vulnerabilities.

Description:

The Application Remote Collector (ARC) introduced with vRealize Operations
Manager 7.5 utilizes Salt, which is affected by CVE-2020-11651 and
CVE-2020-11652. VMware has evaluated CVE-2020-11651 (Authentication Bypass)
to be in the Critical severity range with a maximum CVSSv3 base score of
10.0, and CVE-2020-11652 (Directory Traversal) to be in the Important
severity range with a maximum CVSSv3 base score of 7.5.

Known Attack Vectors:

CVE-2020-11651 (Authentication Bypass) may allow a malicious actor with
network access to port 4505 or 4506 on the ARC to take control of the ARC and
any Virtual Machines the ARC may have deployed a Telegraf agent to.

CVE-2020-11652 (Directory Traversal) may allow a malicious actor with network
access to port 4505 or 4506 on the ARC to access the entirety of the ARC
filesystem.

Resolution:

Updates to remediate CVE-2020-11651 and CVE-2020-11652 are forthcoming.

Workarounds:

Workarounds for CVE-2020-11651 and CVE-2020-11652 have been documented in the
VMware Knowledge Base article listed in the "Workarounds" column of the
"Response Matrix" below.

Additional Documentation:

None.

Notes:

None.

Acknowledgements:

None.

Response Matrix:

+-------+-------+---------+---------------+------+--------+----------+-----------+-------------+
|Product|Version|Running  |CVE Identifier |CVSSV3|Severity|Fixed     |Workarounds|Additional   |
|       |       |On       |               |      |        |Version   |           |Documentation|
+-------+-------+---------+---------------+------+--------+----------+-----------+-------------+
|vROps  |8.1.0  |Virtual  |CVE-2020-11651,|10.0  |Critical|Updates   |KB79031    |None         |
|       |       |Appliance|CVE-2020-11652 |      |        |Pending   |           |             |
+-------+-------+---------+---------------+------+--------+----------+-----------+-------------+
|vROps  |8.0.x  |Virtual  |CVE-2020-11651,|10.0  |Critical|Updates   |KB79031    |None         |
|       |       |Appliance|CVE-2020-11652 |      |        |Pending   |           |             |
+-------+-------+---------+---------------+------+--------+----------+-----------+-------------+
|vROps  |7.5.0  |Virtual  |CVE-2020-11651,|10.0  |Critical|Updates   |KB79031    |None         |
|       |       |Appliance|CVE-2020-11652 |      |        |Pending   |           |             |
+-------+-------+---------+---------------+------+--------+----------+-----------+-------------+
|vROps  |7.0.0  |Virtual  |CVE-2020-11651,|N/A   |N/A     |Unaffected|N/A        |N/A          |
|       |       |Appliance|CVE-2020-11652 |      |        |          |           |             |
+-------+-------+---------+---------------+------+--------+----------+-----------+-------------+

4. References

Workarounds:
https://kb.vmware.com/s/article/79031

3rd Party Disclosure:
https://community.saltstack.com/blog/critical-vulnerabilities-update-cve-2020-11651-and-cve-2020-11652/

Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11651
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11652

FIRST CVSSv3 Calculator:
CVE-2020-11651 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE-2020-11652 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5. Change log

2020-05-08 VMSA-2020-0009 Initial security advisory.
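As an added example (not part of the advisory and not VMware's tooling), the following Python encodes the response matrix above and the ARC ports named under "Known Attack Vectors" into an inventory check a defender can run to find which collectors still need the KB79031 workaround; the host-to-version inventory format and the injectable probe hook are assumptions made for illustration.

```python
"""Exposure check keyed to the VMSA-2020-0009 response matrix (constructed
example; the inventory format and probe hook are assumptions, not part of the
advisory, which only lists affected versions and the ARC ports 4505/4506)."""
import socket
from typing import Callable, Dict, List

# Response matrix as published ("8.0.x" covers every 8.0 build).
AFFECTED_VERSIONS = ("8.1.0", "8.0.x", "7.5.0")
UNAFFECTED_VERSIONS = ("7.0.0",)
ARC_SALT_PORTS = (4505, 4506)  # Salt ports on the Application Remote Collector
WORKAROUND_KB = "https://kb.vmware.com/s/article/79031"


def is_affected(vrops_version: str) -> bool:
    """Map a vROps version to the matrix; versions the matrix does not list
    raise instead of being silently treated as safe."""
    v = vrops_version.strip()
    if v in UNAFFECTED_VERSIONS:
        return False
    for a in AFFECTED_VERSIONS:
        if v == a or (a.endswith(".x") and v.startswith(a[:-1])):
            return True
    raise ValueError(f"vROps {v} is not listed in the VMSA-2020-0009 matrix")


def tcp_port_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """Default probe: a plain TCP connect from wherever this script runs."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def exposure_report(inventory: Dict[str, str],
                    probe: Callable[[str, int], bool] = tcp_port_open) -> List[dict]:
    """inventory maps ARC host -> vROps version. For each affected host, record
    which Salt ports answer from this vantage point and the workaround to apply."""
    report = []
    for host, version in inventory.items():
        affected = is_affected(version)
        reachable = [p for p in ARC_SALT_PORTS if probe(host, p)] if affected else []
        report.append({"host": host, "version": version, "affected": affected,
                       "reachable_ports": reachable,
                       "workaround": WORKAROUND_KB if affected else None})
    return report
```

Run it from the network segments that should not be able to reach the collectors; any affected host whose `reachable_ports` is non-empty is exposed to the attack vectors the advisory describes until the workaround or the pending update is applied.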
6. Contact

E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you do
not know who that is, please send an email to auscert@auscert.org.au and we
will forward your request to the appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for
consequences which may arise from following or acting on information or
advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made. If downloading at a later
date, it is recommended that the bulletin is retrieved directly from the
author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================