From Shared Dash to Root Bash :: Pre-Authenticated RCE in VMWare vRealize Operations Manager
Tags
| attack-pattern: | Data Model Credentials - T1589.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Ssh - T1021.004 Vulnerabilities - T1588.006 Sudo - T1169 |
Common Information
| Type | Value |
|---|---|
| UUID | f97a8097-edbd-48b3-91d1-3b16469fe3db |
| Fingerprint | 3cb9b590bf73598b |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Aug. 9, 2022, 2 p.m. |
| Added to db | Jan. 18, 2023, 10:28 p.m. |
| Last updated | Nov. 17, 2024, 6:50 p.m. |
| Headline | From Shared Dash to Root Bash :: Pre-Authenticated RCE in VMWare vRealize Operations Manager |
| Title | From Shared Dash to Root Bash :: Pre-Authenticated RCE in VMWare vRealize Operations Manager |
| Detected Hints/Tags/Attributes | 53/1/25 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 5 | cve-2022-31675 |
|
| Details | CVE | 4 | cve-2022-31674 |
|
| Details | CVE | 4 | cve-2022-31672 |
|
| Details | Domain | 1 | cqlsh.py |
|
| Details | Domain | 1 | generatesupportbundle.py |
|
| Details | Domain | 1 | vcops.sh |
|
| Details | Domain | 150 | www.vmware.com |
|
| Details | File | 1 | cqlsh.py |
|
| Details | File | 18 | this.dat |
|
| Details | File | 1 | apply_system_update_stderr.log |
|
| Details | File | 1 | post_apply_system_update.log |
|
| Details | File | 1 | generatesupportbundle.py |
|
| Details | File | 1 | vmsa-2021-0004.html |
|
| Details | File | 1 | vmsa-2021-0018.html |
|
| Details | File | 1 | vmsa-2021-0021.html |
|
| Details | File | 1 | api.doc |
|
| Details | File | 1 | guid-c27b4402-56df-45d6-8813-ec2617d24407.html |
|
| Details | sha1 | 1 | 4637b6385db4fbee6b1150605087197f8d03ba00 |
|
| Details | sha1 | 1 | 0363f4304e4661dde0607a3d22b4fb149d8a10a4 |
|
| Details | IPv4 | 1441 | 127.0.0.1 |
|
| Details | Url | 1 | https://www.vmware.com/security/advisories/vmsa-2021-0004.html |
|
| Details | Url | 1 | https://www.vmware.com/security/advisories/vmsa-2021-0018.html |
|
| Details | Url | 1 | https://www.vmware.com/security/advisories/vmsa-2021-0021.html |
|
| Details | Url | 1 | https://docs.vmware.com/en/vrealize-operations/8.6/com.vmware.vcom.api.doc/guid-c27b4402-56df-45d6-8813-ec2617d24407.html |
|
| Details | Url | 1 | https://swarm.ptsecurity.com/catching-bugs-in-vmware-carbon-black-cloud-workload-appliance-and-vrealize-operations-manager |