VMware Security Advisory

VMSA-2020-0009 – VMware vRealize Operations Manager Vulnerability

Updated on 16 May 2020 with fixed versions of vRealize Operations.

VMware has released a new security advisory VMSA-2020-0009: VMware vRealize Operations Manager addresses Authentication Bypass and Directory Traversal vulnerabilities.

Two vulnerabilities were disclosed in Salt, an open source project by SaltStack, which is used by VMware vRealize Operations Manager. This advisory documents the remediation of one critical and one important issues. The Application Remote Collector (ARC) introduced with vRealize Operations Manager 7.5 utilizes Salt and as such presents two vulnerabilities, one authentication bypass and one directory traversal.

The Common Vulnerabilities and Exposures project has assigned the identifiers CVE-2020-11651 to the authentication bypass vulnerability and CVE-2020-11652 to the directory traversal.

A malicious actor with network access to port 4505 or 4506 on the ARC may take control of the ARC and any Virtual Machines the ARC may have deployed a Telegraf agent to. For the second vulnerability, a malicious actor with network access to port 4505 or 4506 on the ARC may access the entirety of the ARC filesystem.

Read More