Critical VMware Vulnerability
VMware just released a CVSS 10 (critical) vulnerability for VMware vCenter 6.7 and VCSA 6.7. It ONLY impacts environments that were upgraded from previous versions including Version 6.7, 6.5, and older. Version 7.0 is not affected. VMware corrected the issue in vCenter/VCSA 6.7 update 3F, which was released on 4/10/20. This vulnerability allows unauthenticated access into the vCenter environment. Upgrading the vCenter server to 6.7 update 3F will improve the security of the environment by closing the security hole.
A VMware environment must be treated with the equivalent level of security one would use to protect Active Directory since if an attacker were to gain access to it, they can access the virtual machines within. It is recommend to have management access isolated to only privileged access workstations. If this vulnerability is not patched and the management access not limited, there is a very high level of risk to the security of the organization.
If you are running the affected version of VMware vCENTER, you must upgrade ASAP.
For information on virtualization solutions for your business or how Advanticom can support your current infrastructure, please click here.