VMware addressed a vulnerability on Tuesday that impacts its Tanzu Application Service for VMs and Isolation Segment products.

The flaw, tracked as CVE-2023-20891, poses a significant risk by exposing CF API admin credentials and potentially granting unauthorized access to sensitive systems and data.

The issue, which was privately reported to VMware, arises from the logging of credentials in hex encoding in the platform system audit logs.

VMware has classified the severity of this vulnerability as “Moderate,” as it possesses a maximum CVSS v3 base score of 6.5.

From a technical standpoint, the known attack vectors involve malicious non-admin users gaining access to the platform system audit logs, where they can extract hex-encoded CF API admin credentials. Using this information, attackers could potentially push malicious versions of applications, compromising the security and integrity of the entire system.

Notably, in default deployments, non-admin users are not granted access to the platform system audit logs, mitigating some of the risks.

“The concept of protecting the key is the most basic, fundamental concept in cryptography and cryptographic systems. The idea that the way the key is formulated and/or used is less important should get everyone to put importance on the key,” commented Jason Kent, hacker in residence at Cequence Security. “Here, you can see they capture a key as it is being used, encode it, and write it to the logs. Read access to the logs is all that is needed, and low-level access like that is easily obtained.”

Organizations that rely on VMware Tanzu Application Service for VMs and Isolation Segment are strongly advised to apply the patches released by the company.

In its advisory, VMware highlighted that there are currently no known workarounds for this vulnerability. The company provided further guidance for impacted users to rotate their CF API admin credentials as an added precautionary measure.
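The root cause described above, a credential that is hex-encoded and then written to an audit log, and the defender-side response it calls for are illustrated in the following added Python example. It is not code from VMware, Tanzu or the advisory; the `key=value` audit-line format, the field names, the sample lines and the secret are all constructed for the example and do not reflect Tanzu's real log format or any real value. It shows a `logging.Filter` that redacts credential fields before a line is written (the fix pattern, as opposed to encoding) and a log-hygiene scanner that flags existing lines where a field holds a hex value that decodes to printable text, reporting only the line number and field name, never the value itself.

```python
import logging
import re
from typing import List, Tuple

# Field names whose values must never reach a log line (constructed list).
SENSITIVE_FIELDS = ("password", "secret", "credential", "token")

# Constructed "key=value" audit-line format; this is not Tanzu's real format.
_KV_RE = re.compile(r"(?P<key>[A-Za-z_][A-Za-z0-9_]*)=(?P<val>\S+)")
# A value made entirely of hex byte pairs, at least 8 bytes long.
_HEX_RE = re.compile(r"^(?:[0-9a-fA-F]{2}){8,}$")


def redact_sensitive(line: str) -> str:
    """Mask the value of every sensitive field before the line is written.

    This is the fix pattern the advisory implies: remove the credential from
    the log at the source rather than obfuscating it with an encoding.
    """
    def _mask(m: "re.Match[str]") -> str:
        key = m.group("key")
        if any(word in key.lower() for word in SENSITIVE_FIELDS):
            return f"{key}=[REDACTED]"
        return m.group(0)
    return _KV_RE.sub(_mask, line)


class RedactingFilter(logging.Filter):
    """logging.Filter that rewrites each record's message through redact_sensitive."""
    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact_sensitive(record.getMessage())
        record.args = ()  # the formatted message now carries no raw arguments
        return True


def find_hex_leaks(lines: List[str]) -> List[Tuple[int, str]]:
    """Scan existing audit lines for the weak pattern: a field whose value is a
    long hex string that decodes to printable text. Returns (line number, field
    name) findings only; the decoded value is never returned or printed."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        for m in _KV_RE.finditer(line):
            value = m.group("val")
            if not _HEX_RE.match(value):
                continue
            decoded = bytes.fromhex(value)
            # Binary identifiers (nonces, hashes) also look like hex; only flag
            # values whose bytes are all printable ASCII, as an encoded secret is.
            if all(32 <= b < 127 for b in decoded):
                findings.append((line_no, m.group("key")))
    return findings


# Constructed sample audit lines. Line 2 shows the weak pattern: a credential
# written hex-encoded. Line 3 carries a hex-looking request id that must not
# be flagged.
SAMPLE_AUDIT_LINES = [
    "2023-07-25T10:00:00Z audit user=alice action=login result=ok",
    "2023-07-25T10:00:01Z audit user=svc-deploy action=set_credential "
    "cf_api_credential=" + "admin-secret-EXAMPLE".encode().hex(),
    "2023-07-25T10:00:02Z audit user=bob action=list_apps request_id=" + "ab" * 12,
]


if __name__ == "__main__":
    for line_no, field in find_hex_leaks(SAMPLE_AUDIT_LINES):
        print(f"line {line_no}: field '{field}' holds a hex-encoded printable value")

    logger = logging.getLogger("audit")
    logger.addFilter(RedactingFilter())
    logging.basicConfig(level=logging.INFO, format="%(message)s")
    logger.info(SAMPLE_AUDIT_LINES[1])  # emitted with the credential redacted
```

The scanner is the check a defender would run over retained audit logs after applying the patch: a hit tells you which lines still carry an encoded secret and therefore which credentials to rotate, which matches the advisory's guidance. Only the filter belongs in production logging; the field-name list is a starting point and should be extended to whatever names the platform actually uses.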