Critical flaw in vCenter Server could give hackers infrastructure access

VMware is urging users to patch the 9.8-rated vulnerability as soon as possible

Organizations using VMware in their infrastructure have been warned of a critical vulnerability in the analytics service of vCenter Server.

This vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server, according to a VMware blog post.

Handed the label CVE-2021-22005 and a CVSS score of 9.8, the vulnerability allows a malicious actor to access port 443 and upload a file that can exploit an unpatched server. The bugs were discovered by George Noseevich and Sergey Gerasimov of SolidLab LLC.

A follow-up Q&A post said the ramifications of this vulnerability “are serious and it is a matter of time – likely minutes after the disclosure – before working exploits are publicly available.”

“With the threat of ransomware looming nowadays the safest stance is to assume that an attacker may already have control of a desktop and a user account through the use of techniques like phishing or spear phishing, and act accordingly," VMware said.

"This means the attacker may already be able to reach vCenter Server from inside a corporate firewall, and time is of the essence.

Related Resource

Ransomware report

The global state of the channel

Global state of the channel - ransomware report from DattoDownload now

Bob Plankers, technical marketing architect at VMware said that in era of ransomware “it is safest to assume that an attacker is already inside your network somewhere, on a desktop and perhaps even in control of a user account, which is why we strongly recommend declaring an emergency change and patching as soon as possible.”

The news of the bug follows a remote code execution hole in vCentre in May. The vulnerability hits versions 6.7 and 7.0 of vCenter Server Appliances, with builds greater than 7.0U2c build 18356314 from August 24 and 6.7U3o build 18485166 released on September 21 patched. The exploit does not impact vCenter 6.5 versions.

Chris Sedgewick, director of security operations at Talion, told IT Pro that VMWare is a lucrative platform to target due to its global prevalence. He added that VMWare exploits have recently been extremely popular, with sophisticated state-backed groups and intelligence services using them to assist in successful campaign execution. “

“Back in May a similar exploit in vCentre was disclosed after Russian threat groups were exploiting it. Therefore, it is especially important for users to take swift action by quickly following the recommended actions and implementing the security updates for VMWare”” he said.

Featured Resources

Shining light on new 'cool' cloud technologies and their drawbacks

IONOS Cloud Up! Summit, Cloud Technology Session with Russell Barley

Watch now

Build mobile and web apps faster

Three proven tips to accelerate modern app development

Free download

Reduce the carbon footprint of IT operations up to 88%

A carbon reduction opportunity

Free Download

Comparing serverless and server-based technologies

Determining the total cost of ownership

Free download

Recommended

Sophos Intercept X Advanced review: AI-powered protection
endpoint security

Sophos Intercept X Advanced review: AI-powered protection

30 Nov 2021
SMBs urged to update software ahead of Black Friday
e commerce

SMBs urged to update software ahead of Black Friday

25 Nov 2021
US adds dozen Chinese tech companies to trade blacklist
Policy & legislation

US adds dozen Chinese tech companies to trade blacklist

25 Nov 2021
Fifth of UK security pros discriminated against in 2021
Careers & training

Fifth of UK security pros discriminated against in 2021

23 Nov 2021

Most Popular

Business customers can get 30% off the Surface Laptop Go for Black Friday 2021
Laptops

Business customers can get 30% off the Surface Laptop Go for Black Friday 2021

26 Nov 2021
Nike to take customers into the metaverse with 'NIKELAND'
virtualisation

Nike to take customers into the metaverse with 'NIKELAND'

19 Nov 2021
Flaw in Android phones could let attackers eavesdrop on calls
Google Android

Flaw in Android phones could let attackers eavesdrop on calls

26 Nov 2021