[BreachExchange] VMware Calls Attention to High-Severity vCenter Server Flaw

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Wed Sep 22 08:43:24 EDT 2021


https://www.securityweek.com/vmware-calls-attention-high-severity-vcenter-server-flaw

“Time is of the essence,” VMware said in a note calling attention to
CVE-2021-22005, a file upload bug in the vCenter Server Analytics service.
“The ramifications of this vulnerability are serious and it is a matter of
time – likely minutes after the disclosure – before working exploits are
publicly available.”

The company has attached a CVSSv3 base score of 9.8 to underscore the
severity of the vulnerability.

The Palo Alto, Calif. company said a malicious actor with network access to
port 443 on vCenter Server may exploit this issue to execute code on
vCenter Server by uploading a specially crafted file.

VMware took the extra step of warning that this type of security flaw is
perfect for ransomware actors. “With the threat of ransomware looming
nowadays the safest stance is to assume that an attacker may already have
control of a desktop and a user account through the use of techniques like
phishing or spear-phishing, and act accordingly. This means the attacker
may already be able to reach vCenter Server from inside a corporate
firewall, and time is of the essence.”

In total, the VMware patch bundle documents at least 19 security
vulnerabilities affecting the VMware vCenter Server and VMware Cloud
Foundation products. These flaws range in severity and could expose users
to privilege escalation and information disclosure attacks.

The company urged customers to prioritize the privilege escalation issues
because of their value to ransomware gangs launching data encryption and
extortion attacks.

“In this era of ransomware it is safest to assume that an attacker is
already inside your network somewhere, on a desktop and perhaps even in
control of a user account, which is why we strongly recommend declaring an
emergency change and patching as soon as possible,” VMware said in a notice
accompanying the patch.