Table of Contents
  • Home
  • /
  • Blog
  • /
  • How To Fix CVE-2022-22966- A Critical RCE Vulnerability In VMWare Cloud Director That Let Attackers Takeover Entire Cloud Infrastructure
April 15, 2022
|
6m

How To Fix CVE-2022-22966- A Critical RCE Vulnerability In VMWare Cloud Director That Let Attackers Takeover Entire Cloud Infrastructure


How To Fix Cve 2022 22966 A Critical Rce Vulnerability In Vmware Cloud Director

https://thesecmaster.com/blog/the-simplest-way-to-install-wordpress-on-linux-windows-and-cloud-servers/Virtualization and cloud computing giant VMWare published a security advisory about a critical RCE vulnerability in VMWare Cloud Director. The bug is being tracked as CVE-2022-22966 with a CVSS score of 9.1, which is a critical remote code execution vulnerability that could allow attackers to completely take over the cloud infrastructure. This vulnerability is going to be important for all VMWare cloud customers. We have published this post that talks about how to Fix CVE-2022-22966- a critical RCE vulnerability in VMWare Cloud Director that lets attackers take over the entire cloud infrastructure.

About VMWare Cloud Director:

VMWare Cloud Director is a cloud computing platform that enables users to create and manage virtual machines in a cloud environment. VMWare Cloud Director allows users to create and manage virtual networks, storage devices, and other resources needed to run their applications in the cloud.

Some key Features Of VMWare Cloud Director Include:

  • Resource management and monitoring: VMWare Cloud Director provides a unified interface for managing virtualized data centers, networks, and storage resources. You can also monitor resource utilization and performance in real-time.

  • Self-service catalog: VMWare Cloud Director provides a catalog of IT resources that users can browse and request. The catalog can include VMs, templates, vApps, media files, and more.

  • Resource provisioning: VMWare Cloud Director automates the process of provisioning IT resources. This includes tasks such as configuring networking, storage, and security settings.

  • Usage tracking: VMWare Cloud Director tracks usage of IT resources so that you can charge for services accordingly. This feature can help you recover costs and make money from your cloud infrastructure.

  • Multi-tenant support: VMWare Cloud Director enables you to offer isolated virtual datacenters (VDCs) for each tenant organization. This helps to ensure that each tenant has its own dedicated resources and cannot access or interfere with other tenants’ VDCs.

Summary Of CVE-2022-22966- A Critical RCE Vulnerability In VMWare Cloud Director:

It is a critical remote code execution vulnerability that allows an authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server. This means successful exploitation could allow the attacker to completely take over the cloud infrastructure.

Associated CVE IDCVE-2022-22966
DescriptionA Critical Remote Code Execution Vulnerability in VMWare Cloud Director.
Associated ZDI ID
CVSS Score9.1 Critical
VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Impact Score
Exploitability Score
Attack Vector (AV)Network
Attack Complexity (AC)Low
Privilege Required (PR)High
User Interaction (UI)None
ScopeChanged
Confidentiality (C)High
Integrity (I)High
availability (a)High

VMWare Cloud Director Version Affected:

It is important to know the versions affected by this vulnerability. As per the advisory published by VMWare, the flaw affects VMWare Cloud Director (vCloud Director) versions 9.7, 10.0, 10.1.x, 10.2.x, and 10.3.x. If you are running vCloud Director of any of these versions, please try to fix CVE-2022-22966, a critical RCE vulnerability in VMWare Cloud Director that lets attackers take over the entire cloud infrastructure.

How To Fix CVE-2022-22966- A Critical RCE Vulnerability In VMWare Cloud Director?

VMWare acknowledged the flaw by releasing patched versions. The flaw will be permanently fixed if you upgrade vCloud Director to these recommended versions. We strongly urge you to upgrade your VMWare Cloud Director v10.1.x, 10.2.x, and 10.3.x to the 10.1.4.110.2.2.3, and 10.3.3 respectively.

VMware Cloud Director VersionFixed VersionRelease Date
9.7No Fix available, apply workaround.ORupgrade to 10.1.4.1, 10.2.2.3, or 10.3.3.April 14th 2022
10.0No Fix available, apply workaround.ORupgrade to 10.1.4.1, 10.2.2.3, or 10.3.3.April 14th 2022
10.1.x10.1.4.1April 14th 2022
10.2.x10.2.2.3April 14th 2022
10.3.x10.3.3April 14th 2022

If you are running v9.7 and 10.0, you should need to upgrade to 10.1.x, 10.2.x, or 10.3.x, and then apply the patch. If you are not able to upgrade your vCloud Director, you can mitigate the CVE-2022-22966vulnerability by applying the workaround.

Note: 

  1. This workaround is applicable only to VMware Cloud Director versions 9.7, 10.0, 10.1, 10.2, and 10.3. Don’t apply this workaround to other VMware products.

  2. VMWare claims that there is no functionality impact implementing this workaround.

How to apply the Workaround for CVE-2022-22966?

Step 1. Download and execute the WA_CVE-2022-22966.sh script

Login to any Cell within the Server Group using SSH. Get the WA_CVE-2022-22966.sh script from the support. Copy the script to the /tmp directory in the appliance. Enable execute permission using these commands.
1.
# cd /tmp
2.
# chown root:vcloud WA_CVE-2022-22966.sh 
3.
# chmod 740 WA_CVE-2022-22966.sh 
4.
# ./WA_CVE-2022-22966.sh 

The script will restart the cmware-vcd services.

Step 2. Confirm the vmware-vcd service have successfully restarted

Check the recently written lines of cell.log to confirm the service restarted process is completed successfully.

# tail -f  /opt/vmware/vcloud-director/logs/cell.log

Step 3. Validate the patch has applied on VMWare Cloud Director

Run the script again. You are successfully patched if the scrip returns “Protected”.

# ./WA_CVE-2022-22966.sh 

Step 4. [Optional] Additional steps to validate the patch

This step is optional. You can check the existing config and also the runtime settings of the Cloud Director Cell to validate the patch has been applied.
Run these command to check the existing config;

# grep trustSerialData /opt/vmware/vcloud-director/bin/vmware-vcd-cell-common

Please check
here to see the runtime settings.

Step 5. [Optional] JRE Upgrade

Some instances may need JRE upgradation to apply the workaround. Follow the steps below
1. Move to the Cloud Director directory1. # cd /opt/vmware/vcloud-director/2.Remove the existing JRE directory and files1. # rm -rf jre3. Extract the pre-patch JRE directory and files1. # tar xvfz /tmp/jre_backup.tar.gz 4. Start the Cloud Director Service1. # service vmware-vcd restart5. Ensure the services on the current Cloud Director Cell have restarted before proceeding with running the script on subsequent Cells.1. # tail -f  /opt/vmware/vcloud-director/logs/cell.lo

We hope this post would help you know how to Fix CVE-2022-22966- a critical RCE vulnerability in VMWare Cloud Director that let attackers take over the entire cloud infrastructure. Please share this post and help to secure the digital world. Visit our social media page on FacebookLinkedInTwitterTelegramTumblrMedium & Instagram, and subscribe to receive updates like this. 

You may also like these articles:

Arun KL

Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.

Recently added

Vulnerabilities

View All

Learn More About Cyber Security Security & Technology

“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”

Cybersecurity All-in-One For Dummies - 1st Edition

"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.

Tools

Featured

View All

Learn Something New with Free Email subscription

Subscribe

Subscribe