IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Critical flaw in vCenter Server could give hackers infrastructure access

VMware is urging users to patch the 9.8-rated vulnerability as soon as possible

Organizations using VMware in their infrastructure have been warned of a critical vulnerability in the analytics service of vCenter Server.

This vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server, according to a VMware blog post.

Handed the label CVE-2021-22005 and a CVSS score of 9.8, the vulnerability allows a malicious actor to access port 443 and upload a file that can exploit an unpatched server. The bugs were discovered by George Noseevich and Sergey Gerasimov of SolidLab LLC.

A follow-up Q&A post said the ramifications of this vulnerability “are serious and it is a matter of time – likely minutes after the disclosure – before working exploits are publicly available.”

“With the threat of ransomware looming nowadays the safest stance is to assume that an attacker may already have control of a desktop and a user account through the use of techniques like phishing or spear phishing, and act accordingly," VMware said.

"This means the attacker may already be able to reach vCenter Server from inside a corporate firewall, and time is of the essence.

Related Resource

Ransomware report

The global state of the channel

Global state of the channel - ransomware report from DattoDownload now

Bob Plankers, technical marketing architect at VMware said that in era of ransomware “it is safest to assume that an attacker is already inside your network somewhere, on a desktop and perhaps even in control of a user account, which is why we strongly recommend declaring an emergency change and patching as soon as possible.”

The news of the bug follows a remote code execution hole in vCentre in May. The vulnerability hits versions 6.7 and 7.0 of vCenter Server Appliances, with builds greater than 7.0U2c build 18356314 from August 24 and 6.7U3o build 18485166 released on September 21 patched. The exploit does not impact vCenter 6.5 versions.

Chris Sedgewick, director of security operations at Talion, told IT Pro that VMWare is a lucrative platform to target due to its global prevalence. He added that VMWare exploits have recently been extremely popular, with sophisticated state-backed groups and intelligence services using them to assist in successful campaign execution. “

“Back in May a similar exploit in vCentre was disclosed after Russian threat groups were exploiting it. Therefore, it is especially important for users to take swift action by quickly following the recommended actions and implementing the security updates for VMWare”” he said.

Featured Resources

The Total Economic Impact™ Of Turbonomic Application Resource Management for IBM Cloud® Paks

Business benefits and cost savings enabled by IBM Turbonomic Application Resource Management

Free Download

The Total Economic Impact™ of IBM Watson Assistant

Cost savings and business benefits enabled by Watson Assistant

Free Download

The field guide to application modernisation

Moving forward with your enterprise application portfolio

Free Download

AI for customer service

Discover the industry-leading AI platform that customers and employees want to use

Free Download

Recommended

Cyber resiliency and end-user performance
Whitepaper

Cyber resiliency and end-user performance

17 Aug 2022
Can't choose between public and private cloud? You don't have to with IaaS
Whitepaper

Can't choose between public and private cloud? You don't have to with IaaS

12 Aug 2022
What is zero trust?
network security

What is zero trust?

14 Jul 2022
Retbleed hardware-level flaw brings overhead woe to Intel and AMD
Hardware

Retbleed hardware-level flaw brings overhead woe to Intel and AMD

13 Jul 2022

Most Popular

UK water supplier confirms hack by Cl0p ransomware gang
ransomware

UK water supplier confirms hack by Cl0p ransomware gang

16 Aug 2022
Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022