Virtualization and cloud computing giant VMWare published a security advisory about a critical RCE vulnerability in VMWare Cloud Director. The bug is being tracked as CVE-2022-22966 with a CVSS score of 9.1, which is a critical remote code execution vulnerability that could allow attackers to completely take over the cloud infrastructure. This vulnerability is going to be important for all VMWare cloud customers. We have published this post that talks about how to Fix CVE-2022-22966- a critical RCE vulnerability in VMWare Cloud Director that lets attackers take over the entire cloud infrastructure.
Table of Contents
About VMWare Cloud Director:
VMWare Cloud Director is a cloud computing platform that enables users to create and manage virtual machines in a cloud environment. VMWare Cloud Director allows users to create and manage virtual networks, storage devices, and other resources needed to run their applications in the cloud.
Some key Features Of VMWare Cloud Director Include:
- Resource management and monitoring: VMWare Cloud Director provides a unified interface for managing virtualized data centers, networks, and storage resources. You can also monitor resource utilization and performance in real-time.
- Self-service catalog: VMWare Cloud Director provides a catalog of IT resources that users can browse and request. The catalog can include VMs, templates, vApps, media files, and more.
- Resource provisioning: VMWare Cloud Director automates the process of provisioning IT resources. This includes tasks such as configuring networking, storage, and security settings.
- Usage tracking: VMWare Cloud Director tracks usage of IT resources so that you can charge for services accordingly. This feature can help you recover costs and make money from your cloud infrastructure.
- Multi-tenant support: VMWare Cloud Director enables you to offer isolated virtual datacenters (VDCs) for each tenant organization. This helps to ensure that each tenant has its own dedicated resources and cannot access or interfere with other tenants’ VDCs.
Summary Of CVE-2022-22966- A Critical RCE Vulnerability In VMWare Cloud Director:
It is a critical remote code execution vulnerability that allows an authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server. This means successful exploitation could allow the attacker to completely take over the cloud infrastructure.
|Associated CVE ID||CVE-2022-22966|
|Description||A Critical Remote Code Execution Vulnerability in VMWare Cloud Director.|
|Associated ZDI ID||–|
|CVSS Score||9.1 Critical|
|Attack Vector (AV)||Network|
|Attack Complexity (AC)||Low|
|Privilege Required (PR)||High|
|User Interaction (UI)||None|
VMWare Cloud Director Version Affected:
It is important to know the versions affected by this vulnerability. As per the advisory published by VMWare, the flaw affects VMWare Cloud Director (vCloud Director) versions 9.7, 10.0, 10.1.x, 10.2.x, and 10.3.x. If you are running vCloud Director of any of these versions, please try to fix CVE-2022-22966, a critical RCE vulnerability in VMWare Cloud Director that lets attackers take over the entire cloud infrastructure.
How To Fix CVE-2022-22966- A Critical RCE Vulnerability In VMWare Cloud Director?
VMWare acknowledged the flaw by releasing patched versions. The flaw will be permanently fixed if you upgrade vCloud Director to these recommended versions. We strongly urge you to upgrade your VMWare Cloud Director v10.1.x, 10.2.x, and 10.3.x to the 10.1.4.1, 10.2.2.3, and 10.3.3 respectively.
|VMware Cloud Director Version||Fixed Version||Release Date|
|9.7||No Fix available, apply workaround.ORupgrade to 10.1.4.1, 10.2.2.3, or 10.3.3.||April 14th 2022|
|10.0||No Fix available, apply workaround.ORupgrade to 10.1.4.1, 10.2.2.3, or 10.3.3.||April 14th 2022|
|10.1.x||10.1.4.1||April 14th 2022|
|10.2.x||10.2.2.3||April 14th 2022|
|10.3.x||10.3.3||April 14th 2022|
If you are running v9.7 and 10.0, you should need to upgrade to 10.1.x, 10.2.x, or 10.3.x, and then apply the patch. If you are not able to upgrade your vCloud Director, you can mitigate the CVE-2022-22966vulnerability by applying the workaround.
- This workaround is applicable only to VMware Cloud Director versions 9.7, 10.0, 10.1, 10.2, and 10.3. Don’t apply this workaround to other VMware products.
- VMWare claims that there is no functionality impact implementing this workaround.
How to apply the Workaround for CVE-2022-22966?
- Download and execute the WA_CVE-2022-22966.sh script
Login to any Cell within the Server Group using SSH. Get the WA_CVE-2022-22966.sh script from the support. Copy the script to the /tmp directory in the appliance. Enable execute permission using these commands.
1. # cd /tmp
2.# chown root:vcloud WA_CVE-2022-22966.sh
3. # chmod 740 WA_CVE-2022-22966.sh
4. # ./WA_CVE-2022-22966.sh
The script will restart the cmware-vcd services.
- Confirm the vmware-vcd service have successfully restarted
Check the recently written lines of cell.log to confirm the service restarted process is completed successfully.
# tail -f /opt/vmware/vcloud-director/logs/cell.log
- Validate the patch has applied on VMWare Cloud Director
Run the script again. You are successfully patched if the scrip returns “Protected”.
- [Optional] Additional steps to validate the patch
This step is optional. You can check the existing config and also the runtime settings of the Cloud Director Cell to validate the patch has been applied.
Run these command to check the existing config;
# grep trustSerialData /opt/vmware/vcloud-director/bin/vmware-vcd-cell-common
Please check here to see the runtime settings.
- [Optional] JRE Upgrade
Some instances may need JRE upgradation to apply the workaround. Follow the steps below
1. Move to the Cloud Director directory
1. # cd /opt/vmware/vcloud-director/
2.Remove the existing JRE directory and files
1. # rm -rf jre
3. Extract the pre-patch JRE directory and files
1. # tar xvfz /tmp/jre_backup.tar.gz
4. Start the Cloud Director Service
1. # service vmware-vcd restart
5. Ensure the services on the current Cloud Director Cell have restarted before proceeding with running the script on subsequent Cells.
1. # tail -f /opt/vmware/vcloud-director/logs/cell.lo
We hope this post would help you know how to Fix CVE-2022-22966- a critical RCE vulnerability in VMWare Cloud Director that let attackers take over the entire cloud infrastructure. Please share this post and help to secure the digital world. Visit our social media page on Facebook, LinkedIn, Twitter, Telegram, Tumblr, Medium & Instagram, and subscribe to receive updates like this.