5th December 2022

Critical Vulnerability in VMware vCenter Server – CVE-2021-22005

VMware has disclosed a critical arbitrary file upload vulnerability in the Analytics service that affects all customers running vCenter Server 6.7 and 7.0. “This vulnerability can be exploited by anyone who can access the vCenter Server over the network to gain access regardless of the vCenter Server’s configuration settings,” said Bob Plankers, VMware technical marketing manager. The vulnerability, tracked as CVE-2021-22005 with a CVSS 3.1 severity rating of 9.8/10, could be exploited by attackers to execute commands and software on unpatched vCenter Server deployments by uploading a specially crafted file.


Affected Systems and CVE/CWE

It has been stated that the following system/product is affected:

  • VMware vCenter Server

CVE/CWE: CVE-2021-22005

Solution for vCenter Server

We recommend that you install the updates from the link below.

https://www.vmware.com/security/advisories/VMSA-2021-0020.html

Mitigation recommendations for those unable to update

If you cannot update, you need to manually restart the services on the VM or use a script provided by VMware to eliminate the possibility of exploitation. Details are available at the link below.

https://kb.vmware.com/s/article/85717

Reference:

https://www.vmware.com/security/advisories/VMSA-2021-0020.html
