Critical flaw in vCenter Server could give hackers infrastructure access

VMware is urging users to patch the 9.8-rated vulnerability as soon as possible

Organizations using VMware in their infrastructure have been warned of a critical vulnerability in the analytics service of vCenter Server.

This vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server, according to a VMware blog post.

Handed the label CVE-2021-22005 and a CVSS score of 9.8, the vulnerability allows a malicious actor to access port 443 and upload a file that can exploit an unpatched server. The bugs were discovered by George Noseevich and Sergey Gerasimov of SolidLab LLC.

A follow-up Q&A post said the ramifications of this vulnerability “are serious and it is a matter of time – likely minutes after the disclosure – before working exploits are publicly available.”

“With the threat of ransomware looming nowadays the safest stance is to assume that an attacker may already have control of a desktop and a user account through the use of techniques like phishing or spear phishing, and act accordingly," VMware said.

"This means the attacker may already be able to reach vCenter Server from inside a corporate firewall, and time is of the essence.

Related Resource

Ransomware report

The global state of the channel

Global state of the channel - ransomware report from DattoDownload now

Bob Plankers, technical marketing architect at VMware said that in era of ransomware “it is safest to assume that an attacker is already inside your network somewhere, on a desktop and perhaps even in control of a user account, which is why we strongly recommend declaring an emergency change and patching as soon as possible.”

The news of the bug follows a remote code execution hole in vCentre in May. The vulnerability hits versions 6.7 and 7.0 of vCenter Server Appliances, with builds greater than 7.0U2c build 18356314 from August 24 and 6.7U3o build 18485166 released on September 21 patched. The exploit does not impact vCenter 6.5 versions.

Chris Sedgewick, director of security operations at Talion, told IT Pro that VMWare is a lucrative platform to target due to its global prevalence. He added that VMWare exploits have recently been extremely popular, with sophisticated state-backed groups and intelligence services using them to assist in successful campaign execution. “

“Back in May a similar exploit in vCentre was disclosed after Russian threat groups were exploiting it. Therefore, it is especially important for users to take swift action by quickly following the recommended actions and implementing the security updates for VMWare”” he said.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

Acer Taiwan falls victim to cyber attack
hacking

Acer Taiwan falls victim to cyber attack

18 Oct 2021
Marsh McLennan reveals its cyber risk analytics center
risk management

Marsh McLennan reveals its cyber risk analytics center

15 Oct 2021
£100 contactless payment limit could place shoppers at risk, warn industry experts
Policy & legislation

£100 contactless payment limit could place shoppers at risk, warn industry experts

15 Oct 2021
Hackers used MSHTML exploit a week before patches were ready
zero-day exploit

Hackers used MSHTML exploit a week before patches were ready

14 Oct 2021

Most Popular

HPE wins networking contract with Birmingham 2022 Commonwealth Games
Network & Internet

HPE wins networking contract with Birmingham 2022 Commonwealth Games

15 Oct 2021
Veritas Backup Exec 21.3 review: Covers every angle
backup software

Veritas Backup Exec 21.3 review: Covers every angle

14 Oct 2021
What is cyber warfare?
Security

What is cyber warfare?

15 Oct 2021