Security News > 2021 > September > Plug critical VMware vCenter Server flaw before ransomware gangs start exploiting it (CVE-2021-22005)
VMware has fixed 19 vulnerabilities affecting VMware vCenter Server and VMware Cloud Foundation, the most critical of which is CVE-2021-22005.
"This vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server," the company noted.
"The ramifications of this vulnerability are serious and it is a matter of time - likely minutes after the disclosure - before working exploits are publicly available. With the threat of ransomware looming nowadays the safest stance is to assume that an attacker may already have control of a desktop and a user account through the use of techniques like phishing or spearphishing, and act accordingly. This means the attacker may already be able to reach vCenter Server from inside a corporate firewall, and time is of the essence."
VMware vCenter Server is software that allows administrators to provision, monitor, orchestrate, and control their VMware vSphere deployments from a centralized location.
The offered security updates fix 19 vulnerabilities in all, most of which have been reported by George Noseevich and Sergey Gerasimov of SolidLab LLC. The vulnerabilities affect vCenter Server versions 6.5, 6.7, and 7.0 and Cloud Foundation versions 3.x and 4.x. CVE-2021-22005 - the most critical one, with a CVSS score of 9.8 - is an arbitrary file upload vulnerability in the Analytics service, which can be used to execute commands and software on the vCenter Server Appliance.
"While there are currently no reports of exploitation, we expect this to quickly change within days - just as previous critical vCenter vulnerabilities did. Additionally, Rapid7 recommends that, as a general practice, network access to critical organizational infrastructure only be allowed via VPN and never open to the public internet," he added.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/_5Znc4nMJqs/
Related news
- Chilean hosting firm's VMware ESXi servers hit by new SEXi ransomware (source)
- Hosting firm's VMware ESXi servers hit by new SEXi ransomware (source)
- Phobos Ransomware Aggressively Targeting U.S. Critical Infrastructure (source)
- BlackCat ransomware turns off servers amid claim they stole $22 million ransom (source)
- Critical JetBrains TeamCity On-Premises Flaws Could Lead to Server Takeovers (source)
- VMware fixes critical sandbox escape flaws in ESXi, Workstation, and Fusion (source)
- FBI: Critical infrastructure suffers spike in ransomware attacks (source)
- Major shifts in identity, ransomware, and critical infrastructure threat trends (source)
- VMware patches critical flaws in ESXi, Workstation, Fusion and Cloud Foundation (source)
- A critical vulnerability in Delinea Secret Server allows auth bypass, admin access (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-23 | CVE-2021-22005 | Path Traversal vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. | 9.8 |