Indiscriminate, opportunistic targeting.
VMware has released a patch for an information disclosure vulnerability, tracked as CVE-2023-20891 (CVSSv3 score: 6.5). The flaw affects VMware Tanzu Application Service for VMs (TAS for VMs) and Isolation Segment, features that allow enterprises to automatically deploy applications.
Successful exploitation of CVE-2023-20891 could allow a remote threat actor to access Cloud Foundry API admin credentials on unpatched systems in low-complexity attacks. Threat actors who exploit this vulnerability can then utilise the stolen credentials to deploy malicious renditions of applications.
VMware has released a security update for this vulnerability. As such, previous versions of the following products are vulnerable to potential exploitation:
- VMware Tanzu Application Service for VMs (TAS for VMs)
- Isolation Segment
Containment, Mitigations & Remediations
It is strongly recommended that TAS for VMs users apply the relevant security update as soon as possible.
Indicators of Compromise
No specific Indicators of Compromise (IoCs) are available currently.
VMware holds a significant share of the virtualisation market. Given that threat actors generally utilise a combination of probability and asset value to determine which attack surfaces to focus on, VMware products have become a prime target. Because virtual machines have become an integral aspect of both personal and business operations, threat actors will continue to exploit vulnerabilities in the associated products in an attempt to extract the sensitive information they contain.
No attribution to specific threat actors or groups has been identified at the time of writing.
Credential Access Technique
T1212 – Exploitation for Credential Access