VMware: Critical bug in default vCenter Server installs

VMware is warning customers to immediately patch a critical arbitrary file upload vulnerability in the Analytics service that affects all appliances running default vCenter Server 6.7 and 7.0 deployments.


vCenter Server is a server management solution that lets IT admins manage virtual hosts and virtual machines in enterprise environments from a single console.

How severe is the critical bug?

The security flaw, tracked as CVE-2021-22005 and rated 9.8/10 on the CVSS 3.1 severity scale, can be exploited by attackers to execute commands and software on default vCenter Server deployments by uploading a specially crafted file.

The bug was reported by George Noseevich and Sergey Gerasimov of SolidLab LLC and can be exploited by remote attackers in low-complexity attacks that require no user interaction.

According to the company, fixing this vulnerability should go to the top of every IT administrator's to-do list, since working exploits are likely to appear soon after the bug becomes public.


A workaround is available

VMware also provides a temporary workaround for those who cannot immediately patch their appliances.

The steps VMware describes require editing a text file on the virtual appliance and restarting the affected service, either manually or with a script VMware provides, which disables the exploitable functionality.

A detailed FAQ with additional questions and answers about CVE-2021-22005 is also available.


In May, VMware issued a similar warning about a critical remote code execution (RCE) vulnerability in the Virtual SAN Health Check plug-in that affected all vCenter Server deployments.

Teo Ehc