VMware issued a security advisory and patches for multiple vulnerabilities that impact VMware vCenter Server. One of those fixed issues is a Critical vulnerability exploited in the wild.
An attacker could exploit these vulnerabilities and potentially take over impacted systems.
The VMware vCenter Server updates address a Critical upload vulnerability (CVE-2021-22005) in the Analytics service.
“A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file,” VMware warned in the advisory.
Moreover, VMware “has confirmed reports that CVE-2021-22005 is being exploited in the wild.”
The CVSSv3 base score is rated 9.8.
Other vCenter vulnerabilities
VMware also patched multiple other High severity vulnerabilities (by CVSS score) to include:
- CVE-2021-21991: vCenter Server local privilege escalation vulnerability
- CVE-2021-22011: vCenter Server unauthenticated API endpoint vulnerability
- CVE-2021-22015: vCenter Server improper permission local privilege escalation vulnerabilities
- CVE-2021-22012: vCenter Server unauthenticated API information disclosure vulnerability
- CVE-2021-22017: vCenter Server rhttpproxy bypass vulnerability
- CVE-2021-22014: vCenter Server authenticated code execution vulnerability
- CVE-2021-22018: vCenter Server file deletion vulnerability.
The CVSSv3 base scores range from 7.0 to 8.8.
In addition, VMware fixed multiple Medium severity vulnerabilities (with CVSS scores of 4.3 to 6.7).
Readers may recall that just this past June, security researchers discovered thousands of unpatched, vulnerable VMware vCenter servers exposed on the internet. Multiple proof-of-concept (PoC) exploits for a remote code execution vulnerability were also posted online at the time.
This further reinforces the urgency to patch impacted systems as soon as possible.