VMware warns customers to immediately patch a critical arbitrary file upload vulnerability in the Analytics service, affecting all appliances running default vCenter Server 6.7 and 7.0 deployments.
vCenter Server is a server management solution that helps IT admins manage virtual hosts and virtual machines in business environments through a single console.
What is the severity of the critical error?
The security flaw, tracked as CVE-2021-22005 and rated 9.8/10 under CVSS 3.1, can be exploited by attackers to execute commands and software on vCenter Server deployments with default configurations by uploading a specially crafted file.
The bug was reported by George Noseevich and Sergey Gerasimov of SolidLab LLC and can be exploited by remote attackers in low-complexity attacks that do not require user interaction.
According to the company, fixing this vulnerability should go to the top of every IT administrator's to-do list, as working exploits are likely to appear immediately after the bug's disclosure.
A workaround is available
VMware also provides a workaround as a temporary measure for those who cannot immediately patch their appliances.
The steps described there require you to edit a text file on the virtual appliance and restart a service, either manually or using a script provided by VMware, to remove the exploitation vector.
A detailed FAQ document with additional questions and answers about vulnerability CVE-2021-22005 is available here.
In May, VMware issued a similar warning about a critical Remote Code Execution (RCE) vulnerability in the Virtual SAN Health Check plug-in that affects all vCenter Server deployments.
Source of information: bleepingcomputer.com