Vulnerability in VMware product has a severity rating of 9.8 out of 10
Episode 10226th May 2021 • This Week Health: Newsroom • This Week Health
00:00:00 00:04:39

Transcripts

This transcription is provided by artificial intelligence. We believe in technology but understand that even the most intelligent robots can sometimes get speech recognition wrong.

  Today in Health it, this story is VMware vCenter Vulnerability has a severity rating of 9.8 out of 10. This is serious. My name is Bill Russell. I'm a former CIO for a 16 hospital system and creator of this week in Health IT at channel dedicated to keeping health IT staff and engaged. Our sponsor for today is me.

I provide executive coaching for health leaders around technology and it, if you wanna learn more, check out health lyrics. Dot com. Alright, today's story comes from ours, Technica Vulnerability and VMware product has severity rating of 9.8 out of 10. Remote code execution flaw in vCenter server poses serious risk to data centers.

And as you know, VMware and vSphere is pervasive around healthcare. Let me go on to the article. Data centers around the world have a new concern to contend with a remote code vulnerability in a widely used VMware product. The security flaw, which . VMware disclosed and patched on Tuesday resides in the vCenter Server, a tool used for managing virtualization in large data centers.

vCenter Server is used to administer VMware's, vSphere and ESXI host products, which by some rankings are the first and second most popular virtualization solutions on the market, and lift a site that provides business intelligence shows that more than 43,000 organizations use vSphere. A VMware advisory said that vCenter's machines using default configurations have a bug that in many networks, allows for the execution of malicious code.

bility is tracked as CVE dash:

Health Check plugin, which is enabled by default in vCenter Server Tuesday's. Advisory stated, VMware has evaluated the severity of this issue to be in the critical severity range with a maximum C-V-S-S-V three base score of 9.8. A malicious actor with a network access to Port 4 43 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter.

Server independent researcher, Kevin Beaumont, agreed vCenter is a virtualization management software. He said in an interview, if you hack it, you control the virtualization layer, which allows access before the OSS layer. This is a serious vulnerability, so organizations should patch or restrict access to the vCenter server to authorized administrators.

H, SaaS and Google, CVE dash:

Proof of concept exploits appeared from at least six different sources. The disclosure set off a frantic round of mass internet scans as attackers and defenders alike search for vulnerable servers. Visa Center versions 6.5, 6.7 and 7.0 are all affected. Organizations with vulnerable machines should prioritize this patch.

Those who can't install immediately should follow Beaumont's. Workaround advice. VMware has more workaround guidance. Here and there's a link to a place with the workaround guidance. The so what for this goes without saying, VMware is pervasive in healthcare. It's time to get to work and patch the flaw as quickly as possible.

That's all for today. If you know of someone that might benefit from our channel, please forward them a note. They can subscribe on our website this week, health.com, or wherever you listen to podcasts. Apple, Google Overcast, Spotify, Stitcher. You get the picture. We are everywhere. We wanna thank our channel sponsors who are investing in our mission to develop the next generation of health leaders, VMware Hillrom, Starbridge Advisors, McAfee and Aruba Networks.

Thanks for listening. That's all for now.

Chapters

Video

More from YouTube