A new severe, arbitrary file upload VMware vCenter Server vulnerability, identified as CVE-2021-22005, needs immediate patching.
Impacting VMware Analytics service, the flaw affects all appliances running default 6.5, 6.7 and 7.0 installations. The vulnerability is a part of a broader mix of security flaws (VMSA-2021-0020), but appears to be the most dangerous and urgent one.
How urgent is the vulnerability? “These updates fix a critical security vulnerability, and your response needs to be considered at once,” said Bob Plankers, VMware’s Technical Marketing Architect.
The severe status of the vulnerability is based on the fact that anyone who can reach vCenter Server over the network to gain access can abuse the issue, regardless of the configuration settings of vCenter Server.
“In this era of ransomware it is safest to assume that an attacker is already inside your network somewhere, on a desktop and perhaps even in control of a user account, which is why we strongly recommend declaring an emergency change and patching as soon as possible,” Plankers added.
In fact, two vulnerabilities in the VMWare ESXi product were recently included in the attacks of at least one prominent ransomware gang.
Furthermore, CVE-2021-22005 can be exploited to execute commands and executables on the vCenter Server Appliance. The issue is so severe that exploits stemming from it are likely being coined minutes after the disclosure.
Other Recent VMware Flaws with Critical Status
In June 2021, another critical issue was addressed in VMware’s Carbon Black App Control management server. Rated 9.4 according to the CVSS scale, the severe flaw could grant threat actors with admin rights without any authentication.
CVE-2021-21985 is another critical vulnerability in VMware vCenter that needed to be patched immediately. The vulnerability was rated with a CVSS score of 9.8 out of 10, and could enable a malicious actor to execute arbitrary code on a targeted server.