Plug critical VMware vCenter Server flaw before ransomware gangs start exploiting it (CVE-2021-22005)
Security News, September 2021
VMware has fixed 19 vulnerabilities affecting VMware vCenter Server and VMware Cloud Foundation, the most critical of which is CVE-2021-22005.
"This vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server," the company noted.
"The ramifications of this vulnerability are serious and it is a matter of time - likely minutes after the disclosure - before working exploits are publicly available. With the threat of ransomware looming nowadays the safest stance is to assume that an attacker may already have control of a desktop and a user account through the use of techniques like phishing or spearphishing, and act accordingly. This means the attacker may already be able to reach vCenter Server from inside a corporate firewall, and time is of the essence."
VMware vCenter Server is software that allows administrators to provision, monitor, orchestrate, and control their VMware vSphere deployments from a centralized location.
The security updates fix 19 vulnerabilities in all, most of which were reported by George Noseevich and Sergey Gerasimov of SolidLab LLC. The vulnerabilities affect vCenter Server versions 6.5, 6.7, and 7.0 and Cloud Foundation versions 3.x and 4.x. CVE-2021-22005, the most critical of them with a CVSS score of 9.8, is an arbitrary file upload vulnerability in the Analytics service that can be used to execute commands and software on the vCenter Server Appliance.
"While there are currently no reports of exploitation, we expect this to quickly change within days - just as previous critical vCenter vulnerabilities did. Additionally, Rapid7 recommends that, as a general practice, network access to critical organizational infrastructure only be allowed via VPN and never open to the public internet," he added.
News URL: http://feedproxy.google.com/~r/HelpNetSecurity/~3/_5Znc4nMJqs/
Related Vulnerability

| Date | CVE | Vulnerability title | Risk (CVSS) |
|---|---|---|---|
| 2021-09-23 | CVE-2021-22005 | Path traversal vulnerability in VMware Cloud Foundation and vCenter Server: the vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. | 9.8 |