Critical flaw in vCenter Server could give hackers infrastructure access
VMware is urging users to patch the 9.8-rated vulnerability as soon as possible
Organizations using VMware in their infrastructure have been warned of a critical vulnerability in the analytics service of vCenter Server.
This vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server, according to a VMware blog post.
Handed the label CVE-2021-22005 and a CVSS score of 9.8, the vulnerability allows a malicious actor to access port 443 and upload a file that can exploit an unpatched server. The bugs were discovered by George Noseevich and Sergey Gerasimov of SolidLab LLC.
A follow-up Q&A post said the ramifications of this vulnerability “are serious and it is a matter of time – likely minutes after the disclosure – before working exploits are publicly available.”
“With the threat of ransomware looming nowadays the safest stance is to assume that an attacker may already have control of a desktop and a user account through the use of techniques like phishing or spear phishing, and act accordingly," VMware said.
"This means the attacker may already be able to reach vCenter Server from inside a corporate firewall, and time is of the essence.
RELATED RESOURCE
Bob Plankers, technical marketing architect at VMware said that in era of ransomware “it is safest to assume that an attacker is already inside your network somewhere, on a desktop and perhaps even in control of a user account, which is why we strongly recommend declaring an emergency change and patching as soon as possible.”
The news of the bug follows a remote code execution hole in vCentre in May. The vulnerability hits versions 6.7 and 7.0 of vCenter Server Appliances, with builds greater than 7.0U2c build 18356314 from August 24 and 6.7U3o build 18485166 released on September 21 patched. The exploit does not impact vCenter 6.5 versions.
Chris Sedgewick, director of security operations at Talion, told IT Pro that VMWare is a lucrative platform to target due to its global prevalence. He added that VMWare exploits have recently been extremely popular, with sophisticated state-backed groups and intelligence services using them to assist in successful campaign execution. “
“Back in May a similar exploit in vCentre was disclosed after Russian threat groups were exploiting it. Therefore, it is especially important for users to take swift action by quickly following the recommended actions and implementing the security updates for VMWare”” he said.
-
Why leaders need to build resilience to avoid AI burnoutIn-depth Stress levels are surging among those in leadership roles due to accelerating AI adoption – resilience is key to avoiding burnout
-
How practical-based learning for AI can close the digital skills gapEquipping the next generation of AI-engineers, developers, and leaders with hands-on experience and practical teaching resources is key
-
Ubuntu vulnerability exposes enterprises to root escalation, complete system compromiseNews The high-severity Ubuntu vulnerability allows an unprivileged local attacker to escalate privileges through the interaction of two standard system components
-
Security agencies issue warning over critical Cisco Catalyst SD-WAN vulnerabilityNews Threat actors have been exploiting the vulnerability to achieve root access since 2023
-
Millions of developers could be impacted by flaws in Visual Studio Code extensions – here's what you need to know and how to protect yourselfNews The VS Code vulnerabilities highlight broader IDE security risks, said OX Security
-
CVEs are set to top 50,000 this year, marking a record high – here’s how CISOs and security teams can prepare for a looming onslaughtNews While the CVE figures might be daunting, they won't all be relevant to your organization
-
Microsoft patches six zero-days targeting Windows, Word, and more – here’s what you need to knowNews Patch Tuesday update targets large number of vulnerabilities already being used by attackers
-
Experts welcome EU-led alternative to MITRE's vulnerability tracking schemeNews The EU-led framework will reduce reliance on US-based MITRE vulnerability reporting database
-
Veeam patches Backup & Replication vulnerabilities, urges users to updateNews The vulnerabilities affect Veeam Backup & Replication 13.0.1.180 and all earlier version 13 builds – but not previous versions.
-
Two Fortinet vulnerabilities are being exploited in the wild – patch nowNews Arctic Wolf and Rapid7 said security teams should act immediately to mitigate the Fortinet vulnerabilities
