Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
An unauthenticated attacker with network access can easily gain complete control of the vCenter server and find an entry point for further attacks on your network.
Kill Chain
Risk Score
92
An attacker with network access to port 389 on an affected vCenter server can exploit an access control vulnerability in the VMware Directory Service (vmdir). First, the attacker attempts to create a session by sending fake LDAP credentials to the vCenter server. The LDAP authentication attempt fails (1), as expected, but vmdir creates an unauthenticated session with the attacker. The attacker successfully runs an LDAP command to create a user (2) and then runs another command to add the new user to an administrator group. As this new administrator user, the attacker can gain complete control of the vCenter system.
Apply security updates for affected deployments of vCenter Server
Make sure that audit and event logs record new account creation
Implement network segmentation, security zones, and firewall policies that limit how devices can communicate
