Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Company
Platform
Modern NDR
Resources
Company
DETECTION OVERVIEW
Risk Factors
An unauthenticated attacker with network access can easily gain complete control of the vCenter server and find an entry point for further attacks on your network.
Category
An attacker with network access to port 389 on an affected vCenter server can exploit an access control vulnerability in the VMware Directory Service (vmdir). First, the attacker attempts to create a session by sending fake LDAP credentials to the vCenter server. The LDAP authentication attempt fails (1), as expected, but vmdir creates an unauthenticated session with the attacker. The attacker successfully runs an LDAP command to create a user (2) and then runs another command to add the new user to an administrator group. As this new administrator user, the attacker can gain complete control of the vCenter system.
Apply security updates for affected deployments of vCenter Server
Make sure that audit and event logs record new account creation
Implement network segmentation, security zones, and firewall policies that limit how devices can communicate
Network analysis and visibility solutions remain underrepresented in enterprises. Find out why in this preview of a new Wave report.
ExtraHop® Named a Leader in First-Ever Gartner® Magic Quadrant™ for Network Detection and Response
Visit this resource for more information.
This analysis exposes the critical link between an organization's lack of internal visibility and the escalating cost of compromise, demanding an urgent re-evaluation of how core business assets are protected.
Learn why you need to be wary of the claims certain network detection and response providers make about their coverage against the MITRE ATT&CK framework.
Learn how NDR from RevealX helps security teams detect and investigate more adversary TTPs in the MITRE ATT&CK framework than rule-based tools.
