Security News > 2021 > September > Exploits imminent for critical VMware vCenter CVE-2021-22005 bug
Exploit code that could be used to achieve remote code execution on VMware vCenter Server vulnerable to CVE-2021-22005 is currently spreading online.
Publicly disclosed earlier this week when VMware also addressed it, the bug comes with a critical severity rating of 9.8 and a strong recommendation to install the available patch.
Earlier today, Vietnamese security researcher Jang published technical notes for CVE-2021-22005 based on the workaround and the patch from VMware.
The details are enough for experienced developers to create a working exploit that allows remote code execution with root privileges, the researcher told BleepingComputer.
Currently, there are thousands of vCenter Server instances exposed to the public internet but not all are vulnerable to CVE-2021-22005.
Provided the severity of the flaw, the interest in vulnerable vCenter Server deployments, and the availability of partial PoC exploit code, it is reasonable to assume that attacks leveraging CVE-2021-22005 are likely to start soon.
News URL
Related news
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits (source)
- Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) (source)
- Akira and Fog ransomware now exploit critical Veeam RCE flaw (source)
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- VMware fixes critical RCE, make-me-root bugs in vCenter - for the second time (source)
- Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-23 | CVE-2021-22005 | Path Traversal vulnerability in VMWare Cloud Foundation and Vcenter Server The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. | 9.8 |