Critical flaw in vCenter Server could give hackers infrastructure access
VMware is urging users to patch the 9.8-rated vulnerability as soon as possible
Organizations using VMware in their infrastructure have been warned of a critical vulnerability in the analytics service of vCenter Server.
Handed the label CVE-2021-22005 and a CVSS score of 9.8, the vulnerability allows a malicious actor to access port 443 and upload a file that can exploit an unpatched server. The bugs were discovered by George Noseevich and Sergey Gerasimov of SolidLab LLC.
A follow-up Q&A post said the ramifications of this vulnerability “are serious and it is a matter of time – likely minutes after the disclosure – before working exploits are publicly available.”
“With the threat of ransomware looming nowadays the safest stance is to assume that an attacker may already have control of a desktop and a user account through the use of techniques like phishing or spear phishing, and act accordingly," VMware said.
"This means the attacker may already be able to reach vCenter Server from inside a corporate firewall, and time is of the essence.
The global state of the channelDownload now
Bob Plankers, technical marketing architect at VMware said that in era of ransomware “it is safest to assume that an attacker is already inside your network somewhere, on a desktop and perhaps even in control of a user account, which is why we strongly recommend declaring an emergency change and patching as soon as possible.”
The news of the bug follows a remote code execution hole in vCentre in May. The vulnerability hits versions 6.7 and 7.0 of vCenter Server Appliances, with builds greater than 7.0U2c build 18356314 from August 24 and 6.7U3o build 18485166 released on September 21 patched. The exploit does not impact vCenter 6.5 versions.
Chris Sedgewick, director of security operations at Talion, told IT Pro that VMWare is a lucrative platform to target due to its global prevalence. He added that VMWare exploits have recently been extremely popular, with sophisticated state-backed groups and intelligence services using them to assist in successful campaign execution. “
“Back in May a similar exploit in vCentre was disclosed after Russian threat groups were exploiting it. Therefore, it is especially important for users to take swift action by quickly following the recommended actions and implementing the security updates for VMWare”” he said.
Modern governance: The how-to guide
Equipping organisations with the right tools for business resilienceFree Download
Cloud operational excellence
Everything you need to know about optimising your cloud operationsWatch now
A buyer’s guide to board management software
How the right software can improve your board’s performance
The real world business value of Oracle autonomous data warehouse
Lead with a 417% five-year ROIDownload now