Exploit development training specialists have reported a couple of vulnerabilities in products developed by VMware, a company that provides virtualization software for x86-compatible machines. According to the report, successful exploitation of these flaws would enable privilege escalation and remote code execution.

Below are some details about the reported flaws, including their CVE identifiers and their scores under the Common Vulnerability Scoring System (CVSS).

CVE-2020-5396: A JMX service ships with a highly insecure default configuration, which would allow remote threat actors to create an MLet MBean and execute arbitrary code on the target system.

According to the exploit development training experts, exploiting the flaw requires an authenticated attacker. This is a medium severity vulnerability that received a score of 7.7/10.

Affected products and versions:

  • VMware GemFire: 9.7.0, 9.7.1, 9.7.2, 9.7.3, 9.7.4, 9.7.5, 9.8.0, 9.8.1, 9.8.2, 9.8.3, 9.8.4, 9.8.5, 9.8.6, 9.9.0, 9.9.1
  • VMware Tanzu GemFire for VMs: 1.10.0, 1.10.1, 1.11.0
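As an added defender-side example that is not part of the report or of VMware's own tooling: a small audit that reads a JVM command line and flags a remote JMX listener started without authentication or TLS, the kind of exposure that makes remote MBean registration possible. It assumes the endpoint is the standard JDK remote JMX agent configured through `-Dcom.sun.management.jmxremote.*` properties; the sample command lines are constructed, and GemFire's own jmx-manager settings are not covered by the report.

```python
import shlex

# Constructed sample JVM command lines (not real GemFire process output).
# The property names are the standard JDK remote-JMX agent flags, which this
# check assumes are how the JMX endpoint is exposed.
SAMPLE_CMDLINES = [
    "java -Dcom.sun.management.jmxremote.port=1099 "
    "-Dcom.sun.management.jmxremote.authenticate=false "
    "-Dcom.sun.management.jmxremote.ssl=false -jar server.jar",
    "java -Dcom.sun.management.jmxremote.port=1099 "
    "-Dcom.sun.management.jmxremote.authenticate=true "
    "-Dcom.sun.management.jmxremote.ssl=true "
    "-Dcom.sun.management.jmxremote.access.file=/etc/jmx/access -jar server.jar",
    "java -Dcom.sun.management.jmxremote.port=1099 -jar server.jar",
    "java -jar server.jar",
]

JMX_PREFIX = "com.sun.management.jmxremote"


def jmx_system_properties(cmdline: str) -> dict:
    """Extract the -Dkey=value pairs that configure the JDK remote JMX agent."""
    props = {}
    for tok in shlex.split(cmdline):
        if tok.startswith("-D" + JMX_PREFIX):
            key, _, value = tok[2:].partition("=")
            props[key] = value.strip().lower()
    return props


def assess_jmx_exposure(cmdline: str) -> list:
    """Return a list of findings; an empty list means no remote JMX risk was found."""
    props = jmx_system_properties(cmdline)
    if f"{JMX_PREFIX}.port" not in props:
        return []  # no remote JMX listener is configured on this command line
    findings = []
    # JDK defaults are authenticate=true and ssl=true; only an explicit
    # "false" turns them off, so a bare .port setting is not flagged.
    if props.get(f"{JMX_PREFIX}.authenticate") == "false":
        findings.append("remote JMX without authentication")
    if props.get(f"{JMX_PREFIX}.ssl") == "false":
        findings.append("remote JMX without TLS")
    return findings


def audit(cmdlines: list) -> dict:
    """Map each command line that has findings to its list of findings."""
    return {c: f for c in cmdlines if (f := assess_jmx_exposure(c))}
```

To inventory a host, feed the function the argument string of each Java process (for example from `ps -o args=`) and review any non-empty result.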

CVE-2020-5414: This flaw exists because App Autoscaler records the UAA administrator password, which would allow attackers to escalate privileges on the target system, as noted by the exploit development training experts.

Like the vulnerability reported above, this is a medium severity flaw and received a score of 7.7/10. However, unlike the previous one, CVE-2020-5414 could be exploited by unauthenticated remote attackers.

Affected products and versions:

  • VMware Tanzu Operations Manager: 2.7, 2.8, 2.9
  • VMware Tanzu Application Service for VMs: 2.7.0, 2.7.1, 2.7.2, 2.7.3, 2.7.4, 2.7.5, 2.7.6, 2.7.7, 2.7.8, 2.7.9, 2.7.10, 2.7.11, 2.7.12, 2.7.15, 2.7.16, 2.7.17, 2.7.18, 2.8.0, 2.8.1, 2.8.2, 2.8.3, 2.8.5, 2.8.6, 2.8.7, 2.8.8, 2.8.9, 2.8.10, 2.8.11, 2.8.12, 2.9.1, 2.9.2, 2.9.3, 2.9.4, 2.9.5, 2.9.6

Security patches are now available, so users of vulnerable deployments should update as soon as possible. No in-the-wild exploitation attempts or public exploit code for these flaws have been observed so far, but it is still best to install the official fixes.