go to sections menu

VMware, can it be a problem too? from blog The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

You are here: article commentary > VMware, can it be a problem too?

Go to Homepage, contents or to navigation menu



VMware, can it be a problem too?

In my last write up, I neglected to write about one article that is related to the Solar Wind fiasco, and that is dealing with VMware. The article is entitled VMware Flaw a Vector in SolarWinds Breach? and so far, there is no indication of this.

According to this article, it says:

In its advisory on the VMware vulnerability, the NSA urged patching it “as soon as possible,” specifically encouraging the National Security System, Department
of Defense, and defense contractors to make doing so a high priority.

The NSA said that in order to exploit this particular flaw, hackers would already need to have access to a vulnerable VMware device’s management interface
— i.e., they would need to be on the target’s internal network (provided the vulnerable VMware interface was not accessible from the Internet). However,
the SolarWinds compromise would have provided that internal access nicely.

In response to questions from KrebsOnSecurity, VMware said it has “received no notification or indication that the CVE 2002-4006 was used in conjunction
with the SolarWinds supply chain compromise.”

VMware added that while some of its own networks used the vulnerable SolarWinds Orion software, an investigation has so far revealed no evidence of exploitation.

“While we have identified limited instances of the vulnerable SolarWinds Orion software in our environment, our own internal investigation has not revealed
any indication of exploitation,” the company said in a statement. “This has also been confirmed by SolarWinds own investigations to date.”

The NSA has not yet responded to requests for comment.

It is possible that VMware may have a foothold if the actors used it, but from what I’m reading to date, this doesn’t seem to be the case. Thoughts on this one?


Informazioni sull'articolo

VMware, can it be a problem too? was released on December 19, 2020 at 1:56 pm by tech in article commentary.
Last modified: December 19, 2020.


Comments (0)

No comments yet.

Leave a comment

You must be logged in to post a comment.

go to sections menu


navigation menu

go to sections menu