VMware published patches last week for four vulnerabilities in its vRealize Log Insight product that, if combined, could allow attackers to take over the log collection and analytics platform. This week, a proof-of-concept exploit chain has been released by security researchers, along with detailed explanations for each vulnerability, meaning in-the-wild attacks could soon follow.
“Gaining access to the Log Insight host provides some interesting possibilities to an attacker, depending on the type of applications that are integrated with it,” researchers with penetration testing firm Horizon3.ai said in their analysis of the flaws. “Often logs ingested may contain sensitive data from other services and may allow an attack to gather session tokens, API keys, and PII. Those keys and sessions may allow the attacker to pivot to other systems and further compromise the environment.”