VMware
A VMware vulnerability that allowed access to protected data and federated authentication abuse was used by the SolarWinds hackers to attack high-value targets, KrebsOnSecurity reported last Friday. The U.S. National Security Agency (NSA) warned on Dec. 7 that a flaw in the software of Palo Alto, Calif.-based VMware was being used by Russian hackers to impersonate legitimate users on breached networks.
In order to exploit this vulnerability, the NSA said hackers would need to be on the target’s internal network, which KrebsOnSecurity pointed out would have been the case in the SolarWinds hack. VMware told CRN that it has received no notification or indication that this vulnerability “was used in conjunction with the SolarWinds supply chain compromise.”
After being tipped off to the flaw by the NSA, VMware released a software update Dec. 3 to plug the security hole. While some of VMware’s own networks used vulnerable versions of SolarWinds’ Orion network monitoring platform, the company told CRN that an investigation has thus far revealed no evidence of exploitation.
