¡¾Â©¶´Í¨¸æ¡¿VMware Tanzu Application Service for VMs & Isolation SegmentÐÅϢ鶩¶´£¨CVE-2023-20891£©

Ðû²¼Ê±¼ä 2023-07-26

 

Ò»¡¢Â©¶´¸ÅÊö

CVE   ID

CVE-2023-20891

·¢ÏÖʱ¼ä

2023-07-26

Àà    ÐÍ

ÐÅϢй¶

µÈ    ¼¶

ÖÐΣ

¹¥»÷ÏòÁ¿

ÍøÂç

ËùÐèȨÏÞ

µÍ

¹¥»÷ÅÓ´ó¶È

µÍ

Óû§½»»¥

ÎÞ

PoC/EXP

δ¹ûÈ»

ÔÚÒ°ÀûÓÃ

δ·¢ÏÖ

 

VMware Tanzu Ó¦Ó÷¨Ê½·þÎñÊÇÒ»¸öÊÊÓÃÓÚ¹«ÓÐÔƺÍ˽ÓÐÔƵÄÓ¦Ó÷¨Ê½¿ª·¢ºÍ²¿Êðƽ̨¡£

7ÔÂ26ÈÕ£¬¶¶È¦Îª¶Ä¶øÉúVSRC¼à²âµ½VMware Tanzu Application Service for VMs £¨TAS for VMs£©ºÍIsolation SegmentÖдæÔÚÐÅϢ鶩¶´£¨CVE-2023-20891£©£¬¸Ã©¶´µÄCVSSÆÀ·ÖΪ6.5¡£

ÊÊÓÃÓÚÐéÄâ»úµÄ VMware Tanzu Ó¦Ó÷¨Ê½·þÎñºÍ¸ôÀë¶ÎÔÚ¶à¸ö°æ±¾ÖдæÔÚÐÅϢ鶩¶´£¬ÓÉÓÚƽ̨ϵͳÉóºËÈÕÖ¾ÖÐÒÔÊ®Áù½øÖƱàÂë¼Ç¼ƾ¾Ý£¬ÓÐȨ·ÃÎÊƽ̨ϵͳÉóºËÈÕÖ¾µÄ·Ç¹ÜÀíÔ±Óû§£¨Ä¬Èϲ¿ÊðÖзǹÜÀíÔ±Óû§ÎÞȨ·ÃÎÊƽ̨ϵͳÉóºËÈÕÖ¾£©¿ÉÒÔ·ÃÎÊÊ®Áù½øÖƱàÂëµÄCF API¹ÜÀíԱƾ¾Ý£¬µ¼ÖÂÃô¸ÐÐÅϢй¶£¬¿ÉÀûÓø鶴ÍÆËͶñÒâÓ¦Ó÷¨Ê½¡£

 

¶þ¡¢Ó°Ï췶Χ

VMware Tanzu Application Service for VMs 4.0.x < 4.0.5

VMware Tanzu Application Service for VMs 3.0.x < 3.0.14

VMware Tanzu Application Service for VMs 2.13.x < 2.13.24

VMware Tanzu Application Service for VMs 2.11.x < 2.11.42

Isolation Segment 4.0.x < 4.0.4

Isolation Segment 3.0.x < 3.0.13

Isolation Segment 2.13.x < 2.13.20

Isolation Segment 2.11.x < 2.11.35

 

Èý¡¢Äþ¾²´ëÊ©

3.1 Éý¼¶°æ±¾

Ä¿Ç°¸Ã©¶´ÒѾ­ÐÞ¸´£¬ÊÜÓ°ÏìÓû§¿ÉÉý¼¶µ½ÒÔÏ°汾£º

VMware Tanzu Application Service for VMs 4.0.x >= 4.0.5

VMware Tanzu Application Service for VMs 3.0.x >= 3.0.14

VMware Tanzu Application Service for VMs 2.13.x >= 2.13.24

VMware Tanzu Application Service for VMs 2.11.x >= 2.11.42

Isolation Segment 4.0.x >= 4.0.4

Isolation Segment 3.0.x >= 3.0.13

Isolation Segment 2.13.x >= 2.13.20

Isolation Segment 2.11.x >= 2.11.35

ÏÂÔØÁ´½Ó£º

https://www.vmware.com/security/advisories/VMSA-2023-0016.html

3.2 ÁÙʱ´ëÊ©

ÊÜÓ°ÏìÓû§¿É½øÐÐCF API ¹ÜÀíԱƾ¾ÝÂÖ»»£¬ÒÔÈ·±£ÍþвÕßÎÞ·¨Ê¹ÓÃÈκÎ鶵ÄÃÜÂë¡£Óйظü¸Ä Cloud Foundry Óû§ÕÊ»§ºÍÉí·ÝÑéÖ¤ (UAA) ¹ÜÀíԱƾ¾Ý£¬¿É²Î¿¼£º

https://community.pivotal.io/s/article/How-to-Change-the-Admin-Password-for-UAA?language=en_US

3.3 ͨÓý¨Òé

l  ¶¨ÆÚ¸üÐÂϵͳ²¹¶¡£¬¼õÉÙϵͳ©¶´£¬ÌáÉý·þÎñÆ÷µÄÄþ¾²ÐÔ¡£

l  ¼ÓǿϵͳºÍÍøÂçµÄ·ÃÎÊ¿ØÖÆ£¬Ð޸ķÀ»ðǽ¼Æı£¬¹Ø±Õ·ÇÐëÒªµÄÓ¦Óö˿ڻò·þÎñ£¬¼õÉÙ½«Î£ÏÕ·þÎñ£¨ÈçSSH¡¢RDPµÈ£©Ì»Â¶µ½¹«Íø£¬¼õÉÙ¹¥»÷Ãæ¡£

l  ʹÓÃÆóÒµ¼¶Äþ¾²²úÎÌáÉýÆóÒµµÄÍøÂçÄþ¾²ÐÔÄÜ¡£

l  ¼ÓǿϵͳÓû§ºÍȨÏÞ¹ÜÀí£¬ÆôÓöàÒòËØÈÏÖ¤»úÖƺÍ×îСȨÏÞÔ­Ôò£¬Óû§ºÍÈí¼þȨÏÞÓ¦±£³ÖÔÚ×îµÍÏ޶ȡ£

l  ÆôÓÃÇ¿ÃÜÂë¼Æı²¢ÉèÖÃΪ¶¨ÆÚÐ޸ġ£

3.4 ²Î¿¼Á´½Ó

https://www.vmware.com/security/advisories/VMSA-2023-0016.html

https://www.bleepingcomputer.com/news/security/vmware-fixes-bug-exposing-cf-api-admin-credentials-in-audit-logs/

 

ËÄ¡¢°æ±¾ÐÅÏ¢

°æ±¾

ÈÕÆÚ

±¸×¢

V1.0

2023-07-26

Ê×´ÎÐû²¼

 

Îå¡¢¸½Â¼

5.1 ¶¶È¦Îª¶Ä¶øÉú¼ò½é

¶¶È¦Îª¶Ä¶øÉú½¨Á¢ÓÚ1996Ä꣬ÊÇÓÉÁôÃÀ²©Ê¿ÑÏÍû¼ÑŮʿ´´½¨µÄ¡¢ÓµÓÐÍêÈ«×ÔÖ÷֪ʶ²úȨµÄÐÅÏ¢Äþ¾²¸ß¿Æ¼¼ÆóÒµ¡£ÊǹúÄÚ×î¾ßʵÁ¦µÄÐÅÏ¢Äþ¾²²úÎï¡¢Äþ¾²·þÎñ½â¾ö·½°¸µÄÁ캽ÆóÒµÖ®Ò»¡£

¹«Ë¾×ܲ¿Î»ÓÚ±±¾©ÊÐÖйشåÈí¼þÔ°¶¶È¦Îª¶Ä¶øÉú´óÏ㬹«Ë¾Ô±¹¤6000ÓàÈË£¬Ñз¢ÍŶÓ1200ÓàÈË, ¼¼Êõ·þÎñÍŶÓ1300ÓàÈË¡£ÔÚÈ«¹ú¸÷Ê¡¡¢ÊС¢×ÔÖÎÇøÉèÁ¢·ÖÖ§»ú¹¹ÁùÊ®¶à¸ö£¬ÓµÓÐÁýÕÖÈ«¹úµÄÏúÊÛÌåϵ¡¢ÇþµÀÌåϵºÍ¼¼ÊõÖ§³ÖÌåϵ¡£¹«Ë¾ÓÚ2010Äê6ÔÂ23ÈÕÔÚÉîÛÚÖÐС°å¹ÒÅÆÉÏÊС££¨¹ÉƱ´úÂ룺002439£©

¶àÄêÀ´£¬¶¶È¦Îª¶Ä¶øÉúÖÂÁ¦ÓÚÌṩ¾ßÓйú¼Ê¾ºÕùÁ¦µÄ×ÔÖ÷´´ÐµÄÄþ¾²²úÎïºÍ×î¼Ñʵ¼ù·þÎñ£¬×ÊÖú¿Í»§È«ÃæÌáÉýÆäIT»ù´¡ÉèÊ©µÄÄþ¾²ÐÔºÍÉú²úЧÄÜ£¬Îª´òÔìºÍÌáÉý¹ú¼Ê»¯µÄÃñ×åÐÅÏ¢Äþ¾²¹¤ÒµÁì¾üÆ·Åƶø²»Ð¸Å¬Á¦¡£

5.2 ¹ØÓÚ¶¶È¦Îª¶Ä¶øÉú

¶¶È¦Îª¶Ä¶øÉúÄþ¾²Ó¦¼±ÏìÓ¦ÖÐÐÄÒÑÐû²¼1000¶à¸ö©¶´Í¨¸æºÍ·çÏÕÔ¤¾¯£¬ÎÒÃǽ«Á¬Ðø¸ú×ÙÈ«Çò×îеÄÍøÂçÄþ¾²Ê¼þºÍ©¶´£¬ÎªÆóÒµµÄÐÅÏ¢Äþ¾²±£¼Ý»¤º½¡£

¹Ø×¢ÎÒÃÇ£º

image.png