VMware has period another critical vulnerability reported by Positive Technologies, a Russian cybersecurity determined that was sanctioned recently by the United States.
Positive Technologies is one of the particular Russian tech firms sanctioned in April by the U.S. for allegedly supporting Kremlin nous agencies. The company has reported many serious vulnerabilities to major vendors such as Microsoft, Intel and VMware outstanding the past years and says that it plans to continue doing so.
The up to the minute security hole reported by Positive Technologies to VMware is CVE-2021-21984, a disparaging remote code execution vulnerability affecting VMware vRealize Area for Cloud.
“A malicious actor with network access may exploit this copy causing unauthorised remote code execution on vRealize Business for Cloud Essential Appliance,” the virtualization giant said in an advisory released this week.
Egor Dimitrenko, the Unequivocal Technologies researcher who reported the flaw to VMware, told SecurityWeek that the effected product is typically used within an organization’s local network, but seeks that his company has seen instances where these systems must been configured in a way that makes them accessible from the internet.
The researcher denoted an unauthenticated attacker who has access to the targeted system does not require any benefits or special access to exploit CVE-2021-21984.
According to Dimitrenko, exploitation of the vulnerability “assigns attackers to execute arbitrary code in the system, which leads to a unabated compromise of the server and allows a criminal to perform attacks on the company infrastructure.”
In a communiqu to SecurityWeek, Positive Technologies said it will continue to report vulnerabilities to firms such as VMware, despite the recent sanctions.
“Positive Technologies has eject nearly two decades building a stellar reputation in this critical greensward, and we won’t stop now,” said a company spokesperson. “We’re keeping our focus where it’s unendingly been: Developing technologies and services to ensure and enhance cybersecurity here the world, and responsibly disclosing security vulnerabilities uncovered by our researchers during the direction of this work, in full compliance with all obligations to customers, allies, employees and governments.”
Positive Technologies claims to have thousands of chaps across 30 countries, including in the financial, telecoms and government sectors.
In January 2020, the coterie said it had been accepted into the Microsoft Active Protections Program (MAPP), which discloses member security software providers early access to vulnerability data to enable them to protect their customers against potential strike ats if a patch is not available. However, after the sanctions were announced, Microsoft excluded Positive Technologies from the MAPP.
Related: VMware vROps Perforations Can Provide ‘Unlimited Opportunities’ in Attacks on Companies
Related: Sanctioned Russian IT Resolved Was Partner With Microsoft, IBM