VMware Warns of Vital File Add Vulnerability Affecting vCenter Server

vCenter Server

VMware on Tuesday printed a brand new bulletin warning of as many as 19 vulnerabilities in vCenter Server and Cloud Basis home equipment {that a} distant attacker might exploit to take management of an affected system.

Essentially the most pressing amongst them is an arbitrary file add vulnerability within the Analytics service (CVE-2021-22005) that impacts vCenter Server 6.7 and seven.0 deployments. “A malicious actor with community entry to port 443 on vCenter Server could exploit this concern to execute code on vCenter Server by importing a specifically crafted file,” the corporate famous, including “this vulnerability can be utilized by anybody who can attain vCenter Server over the community to achieve entry, whatever the configuration settings of vCenter Server.”

Though VMware has printed workarounds for the flaw, the corporate cautioned that they’re “meant to be a short lived answer till updates […] may be deployed.”

The whole listing of flaws patched by the virtualization providers supplier is as follows —

  • CVE-2021-22005 (CVSS rating: 9.8) – vCenter Server file add vulnerability
  • CVE-2021-21991 (CVSS rating: 8.8) – vCenter Server native privilege escalation vulnerability
  • CVE-2021-22006 (CVSS rating: 8.3) – vCenter Server reverse proxy bypass vulnerability
  • CVE-2021-22011 (CVSS rating: 8.1) – vCenter server unauthenticated API endpoint vulnerability
  • CVE-2021-22015 (CVSS rating: 7.8) – vCenter Server improper permission native privilege escalation vulnerabilities
  • CVE-2021-22012 (CVSS rating: 7.5) – vCenter Server unauthenticated API data disclosure vulnerability
  • CVE-2021-22013 (CVSS rating: 7.5) – vCenter Server file path traversal vulnerability
  • CVE-2021-22016 (CVSS rating: 7.5) – vCenter Server mirrored XSS vulnerability
  • CVE-2021-22017 (CVSS rating: 7.3) – vCenter Server rhttpproxy bypass vulnerability
  • CVE-2021-22014 (CVSS rating: 7.2) – vCenter Server authenticated code execution vulnerability
  • CVE-2021-22018 (CVSS rating: 6.5) – vCenter Server file deletion vulnerability
  • CVE-2021-21992 (CVSS rating: 6.5) – vCenter Server XML parsing denial-of-service vulnerability
  • CVE-2021-22007 (CVSS rating: 5.5) – vCenter Server native data disclosure vulnerability
  • CVE-2021-22019 (CVSS rating: 5.3) – vCenter Server denial of service vulnerability
  • CVE-2021-22009 (CVSS rating: 5.3) – vCenter Server VAPI a number of denial of service vulnerabilities
  • CVE-2021-22010 (CVSS rating: 5.3) – vCenter Server VPXD denial of service vulnerability
  • CVE-2021-22008 (CVSS rating: 5.3) – vCenter Server data disclosure vulnerability
  • CVE-2021-22020 (CVSS rating: 5.0) – vCenter Server Analytics service denial-of-service vulnerability
  • CVE-2021-21993 (CVSS rating: 4.3) – vCenter Server SSRF vulnerability

Credited with reporting a lot of the flaws are George Noseevich and Sergey Gerasimov of SolidLab LLC, alongside Hynek Petrak of Schneider Electrical, Yuval Lazar of Pentera, and Osama Alaa of Malcrove.

Prevent Data Breaches

“The ramifications of [CVE-2021-22005] are critical and it’s a matter of time – probably minutes after the disclosure – earlier than working exploits are publicly obtainable,” VMware mentioned in an FAQ urging clients to instantly replace their vCenter installations.

“With the specter of ransomware looming these days the most secure stance is to imagine that an attacker could have already got management of a desktop and a person account by way of the usage of strategies like phishing or spear-phishing, and act accordingly. This implies the attacker could already be capable of attain vCenter Server from inside a company firewall, and time is of the essence,” the corporate added.



Total
0
Shares
Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts