
VMware vCenter Critical RCE Vulnerability

Summary

A new vulnerability, CVE-2021-22005, has been discovered in VMware's vCenter Server. A remote attacker could exploit this vulnerability to execute their own commands on vulnerable systems.


Affected platforms

The following platforms are known to be affected:

Threat details

Introduction

VMware has released details of a critical remote code execution (RCE) vulnerability affecting their vCenter Server server management software. They claim that an unauthenticated attacker could exploit this vulnerability to take control of affected systems or propagate to connected systems.


Vulnerability details

The vulnerability appears to be the result of a flaw in the Analytics service, a default service used by vCenter Server. In vulnerable systems, the Analytics service does not properly secure files sent to it on its management port. A user with access to port 443 may exploit this to execute arbitrary commands by sending a specially crafted file to the Analytics service.

Active exploitation

CVE-2021-22005 now appears to be under active exploitation. Several proof-of-concept exploits for the vulnerability have been detected in new campaigns by ransomware and cryptomining groups.


Remediation advice

Affected organisations are required to review VMware security advisory VMSA-2021-0020 and apply any relevant updates.

VMware has also provided details of a workaround for CVE-2021-22005, although they have stressed that this solution is temporary and that the workaround will not totally address the vulnerability.



Last edited: 28 September 2021 2:19 pm