NEW DELHI: India’s Computer Emergency Response Team (CERT-In) has issued new alerts for users, this time regarding multiple reported vulnerabilities in products from enterprise cloud service provider VMware.
CERT-In found bugs in VMware ESXi and Cloud Foundation, which could be exploited by an attacker to gain access to sensitive information.
“These vulnerabilities exist in VMware ESXi and Cloud Foundation due to the Intel and AMD processors it uses. An attacker with administrative access to a virtual machine could exploit these vulnerabilities by taking advantage of various side-channel CPU flaws,” warned the cyber agency.
Successful exploitation of these vulnerabilities could allow an attacker to access sensitive information stored in physical memory on the hypervisor or other virtual machines that reside on the same ESXi host, he added.
The other “Branch Type Confusion” vulnerability can help an attacker with administrative access to a virtual machine to take advantage of various side-channel processor flaws.
The cyber agency suggested the users to apply the appropriate updates provided by the company.
In May, chip and software maker Broadcom announced the acquisition of VMware in a cash and stock deal valued at $61 billion.
CERT-In also reported new bugs in Adobe Photoshop and Acrobat that could allow an attacker to execute arbitrary code and obtain sensitive information about the targeted system.
“These vulnerabilities exist in Adobe Photoshop due to uninitialized pointer access and post-free usage error. An attacker could exploit these vulnerabilities by tricking a victim into opening a specially crafted document on the targeted system “, said the cybernetic agency.