Do you remember back in college when you felt invincible logging into the computer lab and booting up your personal virtual machine? You almost felt invisible to the world. Your instructors told you that this was the proper way to play around on the internet and to test and break things. Being able to download, surf the web and run malicious labs without affecting anything on the actual computer was the coolest thing since the invention of the computer itself. Well, according to a recent article published by the virtual machine giant VMware, this security may not be the same as it used to be.
On April 15, 2016, VMware released a notice of a critical vulnerability in its Client Integration Plugin (CIP). This plugin allows users to connect different types of virtual devices that are hosted on the computer to the virtual machine itself. VMware has said that the CIP doesn't handle these connection sessions correctly, leaving the user's machine vulnerable to session hijacking and man-in-the-middle attacks. This vulnerability has been easily exploited by users simply visiting a website formatted to capture the user's VM session.
This is a very serious vulnerability for VMware to have, seeing that being able to remain safe in a VM is the moneymaker of the virtual machine company. This specific vulnerability is tracked as CVE-2016-2076, and it lives in the following versions of VMware products:
- CIP shipped with the vCenter update 5.5 and 6.0
- vCloud Director 5.5.5 on Windows and vRealize Automation Identity Appliance on Linux.
As of now, the vulnerability has been patched only for vCenter (5.5 U3d and 6.0 U2), vCloud Director 5.5.6, and vRealize Automation Identity Appliance 184.108.40.206. If you have been affected or think you may have been affected, VMware has suggested that you update your specific tool and then update the CIP on the system client server for the changes to take full effect.
This is the fourth security patch VMware has released this year. The other vulnerabilities include a privilege escalation in the VMware tools menu, a remote code flaw in the glibc execution library, and lastly a cross-site scripting bug that lived in the vRealize tool.
VMware offers a great line of products that students and enterprise-level companies alike use to learn and test. In doing so they gain the skills needed to eventually implement security controls in their own company's infrastructure. Make sure you or someone in your company with proper authority is made well aware of this vulnerability and the others mentioned. By taking the small, easy steps required to remediate this vulnerability, you can ensure your company will be safe another day. If you have any questions regarding how the vulnerability was found, or if further action is needed to help remove the vulnerability, feel free to contact VMware directly, as they should be more than happy to help you return your VM to its original state.