
CVE-2021-22005: VMware vCenter Flaw Could Be Exploited by Ransomware


A new, severe arbitrary file upload vulnerability in VMware vCenter Server, identified as CVE-2021-22005, needs immediate patching.

The flaw impacts the VMware Analytics service and affects all appliances running default 6.5, 6.7 and 7.0 installations. It is part of a broader set of security flaws (VMSA-2021-0020), but appears to be the most dangerous and urgent one.


How urgent is the vulnerability? “These updates fix a critical security vulnerability, and your response needs to be considered at once,” said Bob Plankers, VMware’s Technical Marketing Architect.

The vulnerability is rated severe because anyone who can reach vCenter Server over the network can abuse the issue to gain access, regardless of the configuration settings of vCenter Server.

“In this era of ransomware it is safest to assume that an attacker is already inside your network somewhere, on a desktop and perhaps even in control of a user account, which is why we strongly recommend declaring an emergency change and patching as soon as possible,” Plankers added.

In fact, two vulnerabilities in the VMware ESXi product were recently used in the attacks of at least one prominent ransomware gang.

Furthermore, CVE-2021-22005 can be exploited to execute commands and executables on the vCenter Server Appliance. The issue is so severe that exploits for it are likely being developed within minutes of the disclosure.

Other Recent VMware Flaws with Critical Status

In June 2021, another critical issue was addressed in VMware’s Carbon Black App Control management server. Rated 9.4 on the CVSS scale, the severe flaw could grant threat actors admin rights without any authentication.

CVE-2021-21985 is another critical vulnerability in VMware vCenter that needed to be patched immediately. The vulnerability was rated with a CVSS score of 9.8 out of 10, and could enable a malicious actor to execute arbitrary code on a targeted server.

Milena Dimitrova
