Why Only EASM can provide the protection necessary to guard against RCE threat

On April 6, 2022, VMware published VMSA-2022-0011 describing multiple vulnerabilities privately reported to VMware, and issued fixes to patch them. The most critical of these is CVE-2022-22954, rated 9.8 on CVSSv3. CVE-2022-22954 is a remote code execution (RCE) vulnerability caused by server-side template injection in the VMware Workspace ONE Access and VMware Identity Manager products. The exploit for this vulnerability is very easy to carry out and does not require much technical knowledge: a single HTTP request is enough to identify a vulnerable device. Successful exploitation allows an unauthenticated attacker with network access to the web interface to execute an arbitrary shell command as the VMware user.

Protection in practice: guarding against CVE-2022-22960

A successful exploit leads to command execution with the privileges of the horizon user, directly from the web interface. By chaining CVE-2022-22960, it is possible to escalate from the horizon user to root (complete server takeover). At present, a large number of unpatched VMware products remain vulnerable to remote code execution, putting organizations and individuals at risk.

The following HTTP request runs the command “cat /etc/passwd” with the permissions of the horizon user:

Response:

Similarly, one can obtain a directory listing of the horizon home folder with the ls command, using “ls /”:

As the response shows, all directories in the horizon home folder are listed. This level of command execution means an attacker can download malicious files, connect to C&C servers, and more.

There are many things one can do through CVE-2022-22954, including opening a stream and spawning a shell. This is just one example among the many preconfigured exploits accessible to researchers and malicious parties alike.

Steps for remediation

  1. Update software immediately as a part of routine software check-in and updates.
  2. If you must publish this service to the internet, use WAF best practices.
  3. Create a firewall access list (ACL) and enable access only to trusted IP addresses.
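An added, defender-side example (not from this post or from Reposify) that illustrates the remediation list above: it triages constructed access-log lines for template-expression syntax in the request (the SSTI vector this vulnerability relies on) and for source addresses outside a trusted-IP ACL (step 3). The endpoint path, the log lines and the 10.0.0.0/8 trusted range are all assumptions, not the real vulnerable endpoint.

```python
import re
import ipaddress
from urllib.parse import unquote

# Constructed sample lines in Common Log Format. The /portal/ui/verify path is a
# placeholder, not the real VMware endpoint; the addresses are documentation ranges.
SAMPLE_LOG = """\
10.0.0.5 - - [07/Apr/2022:10:01:02 +0000] "GET /portal/ui/verify?deviceId=abc123 HTTP/1.1" 200 512
198.51.100.23 - - [07/Apr/2022:10:01:09 +0000] "GET /portal/ui/verify?deviceId=%24%7Bcat%20%2Fetc%2Fpasswd%7D HTTP/1.1" 400 77
203.0.113.9 - - [07/Apr/2022:10:02:15 +0000] "GET /portal/ui/verify?deviceId=%24%7Bls%20%2F%7D HTTP/1.1" 200 2048
10.0.0.8 - - [07/Apr/2022:10:03:00 +0000] "POST /portal/ui/login HTTP/1.1" 302 0
"""

# Assumed trusted range for the firewall ACL (remediation step 3).
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Generic template-expression markers (${...} or #{...}) in the decoded request target.
SSTI_RE = re.compile(r'\$\{[^}]*\}|#\{[^}]*\}')


def is_trusted(ip: str) -> bool:
    """True when the source address falls inside the trusted ACL."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def triage(log_text: str) -> list:
    """Return one finding per suspicious request, in log order."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        decoded = unquote(m["target"])  # payloads arrive percent-encoded
        status = int(m["status"])
        ssti = bool(SSTI_RE.search(decoded))
        reasons = []
        if ssti:
            reasons.append("template-expression in request")
        if not is_trusted(m["ip"]):
            reasons.append("source outside trusted ACL")
        if reasons:
            # A template probe answered with HTTP 200 deserves first attention.
            findings.append({"ip": m["ip"], "status": status, "target": decoded,
                             "reasons": reasons, "likely_success": ssti and status == 200})
    return findings
```

Run over real logs, the same function separates ACL violations (block at the firewall) from template probes that were answered successfully (treat as a possible compromise of the horizon user).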

Concerned about RCE threat? Reposify has you covered.

Tracking enterprise assets is becoming increasingly difficult, as large corporations have countless interfaces with subsidiaries, suppliers, and joint ventures. Security teams find themselves understaffed and with more tasks to perform. A true EASM solution finds immediate threats in real time and provides simple instructions on how to prevent them. Reposify will find every asset that belongs to your organization and mimic the work of professional security analysts.

Reposify values your time! We are committed to reducing the number of false positives and to providing security teams with verified issues and a clear view. Reposify has a large number of integrations with support and case management, SIEM, SOAR, and cloud connectors to make team coordination easy.

Shlomi has been an information technology professional for over fifteen years, with extensive experience in roles spanning the Software Development Life Cycle (SDLC), IT infrastructure, cryptography, security architecture, operations security, business continuity and Disaster Recovery Planning (DRP), legal, regulations, investigations and compliance, and the design of DevOps (CI/CD) processes for cloud platforms. Shlomi has worked on large, complex InfoSec projects worldwide. He brings expertise in both defensive and offensive cybersecurity methodologies. Shlomi is focused on excellence in all aspects of business and life and contributes his knowledge to technical documentation, including for the Cloud Security Alliance (CSA).
