Security News > 2021 > September > Break out your emergency change process and patch this ransomware-friendly bug ASAP, says VMware
VMware has disclosed a critical bug in its flagship vSphere and vCenter products and urged users to drop everything and patch it.
The worst of the bunch is CVE-2021-22005, described as "An arbitrary file upload vulnerability in the Analytics service" that's part of vCenter Server.
"A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file," states VMware's advisory.
As vCenter Server is VMware's tool to manage fleets of virtual machines, the potential for mayhem is considerable.
For now, there's no debate: if you run vCenter Server or VMware Cloud Foundation, you have two jobs.
Cloud Foundation 3.x and 4.x, vCenter Server 6.7 and 7.0, all need patches, ASAP. That's your second job.
News URL
Related news
- BlackByte Ransomware Exploits VMware ESXi Flaw in Latest Attack Wave (source)
- Cicada3301 ransomware’s Linux encryptor targets VMware ESXi systems (source)
- Linux version of new Cicada ransomware targets VMware ESXi servers (source)
- VMware ESXi Servers Targeted by New Ransomware Variant from Cicada3301 Group (source)
- Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-23 | CVE-2021-22005 | Path Traversal vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. | 9.8 |