VMware, can it be a problem too?

In my last write-up, I neglected to write about one article that is related to the SolarWinds fiasco, and that is dealing with VMware. The article is entitled “VMware Flaw a Vector in SolarWinds Breach?” and so far, there is no indication of this.

According to this article:

In its advisory on the VMware vulnerability, the NSA urged patching it “as soon as possible,” specifically encouraging the National Security System, Department of Defense, and defense contractors to make doing so a high priority.

The NSA said that in order to exploit this particular flaw, hackers would already need to have access to a vulnerable VMware device’s management interface — i.e., they would need to be on the target’s internal network (provided the vulnerable VMware interface was not accessible from the Internet). However, the SolarWinds compromise would have provided that internal access nicely.

In response to questions from KrebsOnSecurity, VMware said it has “received no notification or indication that the CVE 2002-4006 was used in conjunction with the SolarWinds supply chain compromise.”

VMware added that while some of its own networks used the vulnerable SolarWinds Orion software, an investigation has so far revealed no evidence of exploitation.

“While we have identified limited instances of the vulnerable SolarWinds Orion software in our environment, our own internal investigation has not revealed any indication of exploitation,” the company said in a statement. “This has also been confirmed by SolarWinds own investigations to date.”

The NSA has not yet responded to requests for comment.

It is possible that VMware may have a foothold if the actors used it, but from what I’m reading to date, this doesn’t seem to be the case. Thoughts on this one?
