
VMware Warns of Critical File Upload Vulnerability Affecting vCenter Server

September 22, 2021

VMware on Tuesday published a new bulletin warning of as many as 19 vulnerabilities in vCenter Server and Cloud Foundation appliances that a remote attacker could exploit to take control of an affected system.

The most urgent among them is an arbitrary file upload vulnerability in the Analytics service (CVE-2021-22005) that impacts vCenter Server 6.7 and 7.0 deployments. “A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file,” the company noted, adding “this vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server.”

Although VMware has published workarounds for the flaw, the company cautioned that they are “meant to be a temporary solution until updates […] can be deployed.”

The complete list of flaws patched by the virtualization services provider is as follows:

  • CVE-2021-22005 (CVSS score: 9.8) – vCenter Server file upload vulnerability
  • CVE-2021-21991 (CVSS score: 8.8) – vCenter Server local privilege escalation vulnerability
  • CVE-2021-22006 (CVSS score: 8.3) – vCenter Server reverse proxy bypass vulnerability
  • CVE-2021-22011 (CVSS score: 8.1) – vCenter Server unauthenticated API endpoint vulnerability
  • CVE-2021-22015 (CVSS score: 7.8) – vCenter Server improper permission local privilege escalation vulnerabilities
  • CVE-2021-22012 (CVSS score: 7.5) – vCenter Server unauthenticated API information disclosure vulnerability
  • CVE-2021-22013 (CVSS score: 7.5) – vCenter Server file path traversal vulnerability
  • CVE-2021-22016 (CVSS score: 7.5) – vCenter Server reflected XSS vulnerability
  • CVE-2021-22017 (CVSS score: 7.3) – vCenter Server rhttpproxy bypass vulnerability
  • CVE-2021-22014 (CVSS score: 7.2) – vCenter Server authenticated code execution vulnerability
  • CVE-2021-22018 (CVSS score: 6.5) – vCenter Server file deletion vulnerability
  • CVE-2021-21992 (CVSS score: 6.5) – vCenter Server XML parsing denial-of-service vulnerability
  • CVE-2021-22007 (CVSS score: 5.5) – vCenter Server local information disclosure vulnerability
  • CVE-2021-22019 (CVSS score: 5.3) – vCenter Server denial-of-service vulnerability
  • CVE-2021-22009 (CVSS score: 5.3) – vCenter Server VAPI multiple denial-of-service vulnerabilities
  • CVE-2021-22010 (CVSS score: 5.3) – vCenter Server VPXD denial-of-service vulnerability
  • CVE-2021-22008 (CVSS score: 5.3) – vCenter Server information disclosure vulnerability
  • CVE-2021-22020 (CVSS score: 5.0) – vCenter Server Analytics service denial-of-service vulnerability
  • CVE-2021-21993 (CVSS score: 4.3) – vCenter Server SSRF vulnerability

Credited with reporting many of the flaws are George Noseevich and Sergey Gerasimov of SolidLab LLC, alongside Hynek Petrak of Schneider Electric, Yuval Lazar of Pentera, and Osama Alaa of Malcrove.


“The ramifications of [CVE-2021-22005] are serious and it is a matter of time – likely minutes after the disclosure – before working exploits are publicly available,” VMware said in an FAQ urging customers to immediately update their vCenter installations.

“With the threat of ransomware looming nowadays the safest stance is to assume that an attacker may already have control of a desktop and a user account through the use of techniques like phishing or spear-phishing, and act accordingly. This means the attacker may already be able to reach vCenter Server from inside a corporate firewall, and time is of the essence,” the company added.
