Working exploit released for VMware vCenter CVE-2021-22005 bug
A complete exploit for the remote code execution vulnerability in VMware vCenter tracked as CVE-2021-22005 is now widely available, and threat actors are taking advantage of it.
On Monday, exploit writer wvu released an unredacted exploit for CVE-2021-22005 that works against endpoints with the Customer Experience Improvement Program component enabled, which is the default state.
VMware describes the vulnerability as being exploitable "By anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server."
VMware's advisory states that CVE-2021-22005 could be exploited "By anyone who can reach vCenter Server over the network," and results from search engines that index machines exposed on the public internet showed thousands of VMware vCenter hosts accessible over the web.
In an advisory on Friday, CISA also urged critical infrastructure organizations with vulnerable vCenter servers to prioritize updating the machines or to apply the temporary workaround from VMware.
Threat actors have shown interest in this vulnerability early on, just hours after VMware disclosed it, and they quickly built a working exploit from the incomplete code that security researcher Jang released last week along with some technical notes.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-23 | CVE-2021-22005 | Path Traversal vulnerability in VMware Cloud Foundation and vCenter Server. The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. | 9.8 |