VMware Warns of Critical Content Upload Vulnerability Affecting vCenter Server – The Hacker News

VMware on Tuesday published a new bulletin warning of as many as 19 vulnerabilities in vCenter Server and Cloud Foundation appliances that a remote attacker could exploit to take control of an affected system.

The most urgent among them is an arbitrary file upload vulnerability in the Analytics service (CVE-2021-22005) that impacts vCenter Server 6.7 and 7.0 deployments. “A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file,” the company noted , adding “this vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server.”

Although VMware has published workarounds for the flaw, the company cautioned that they are “meant to be a temporary solution until updates […] can be deployed.”

The complete list of flaws patched by the virtualization services provider is as follows —

• CVE-2021-22005 (CVSS score: 9.8) – vCenter Server file upload vulnerability
• CVE-2021-21991 (CVSS score: 8.8) – vCenter Server local privilege escalation vulnerability
• CVE-2021-22006 (CVSS score: 8.3) – vCenter Server reverse proxy bypass vulnerability
• CVE-2021-22011 (CVSS score: 8.1) – vCenter server unauthenticated API endpoint vulnerability
• CVE-2021-22015 (CVSS score: 7.8) – vCenter Server improper permission local privilege escalation vulnerabilities
• CVE-2021-22012 (CVSS score: 7.5) – vCenter Server unauthenticated API information disclosure vulnerability
• CVE-2021-22013 (CVSS score: 7.5) – vCenter Server file path traversal vulnerability
• CVE-2021-22016 (CVSS score: 7.5) – vCenter Server reflected XSS vulnerability
• CVE-2021-22017 (CVSS score: 7.3) – vCenter Server rhttpproxy bypass vulnerability
• CVE-2021-22014 (CVSS score: 7.2) – vCenter Server authenticated code execution vulnerability
• CVE-2021-22018 (CVSS score: 6.5) – vCenter Server file deletion vulnerability
• CVE-2021-21992 (CVSS score: 6.5) – vCenter Server XML parsing denial-of-service vulnerability
• CVE-2021-22007 (CVSS score: 5.5) – vCenter Server local information disclosure vulnerability
• CVE-2021-22019 (CVSS score: 5.3) – vCenter Server denial of service vulnerability
• CVE-2021-22009 (CVSS score: 5.3) – vCenter Server VAPI multiple denial of service vulnerabilities
• CVE-2021-22010 (CVSS score: 5.3) – vCenter Server VPXD denial of service vulnerability
• CVE-2021-22008 (CVSS score: 5.3) – vCenter Server information disclosure vulnerability
• CVE-2021-22020 (CVSS score: 5.0) – vCenter Server Analytics service denial-of-service vulnerability
• CVE-2021-21993 (CVSS score: 4.3) – vCenter Server SSRF vulnerability

Credited with reporting most of the flaws are George Noseevich and Sergey Gerasimov of SolidLab LLC, alongside Hynek Petrak of Schneider Electric, Yuval Lazar of Pentera, and Osama Alaa of Malcrove.

“The ramifications of [CVE-2021-22005] are serious and is a matter of time – prospective minutes after the disclosure : before working exploits are actually publicly available, ” VMware said in an FAQ advocating customers to immediately renew their vCenter installations.

“With the real danger of ransomware looming at present the safest stance is always assume that an attacker could already have control of a [desktop] and a user account by employing techniques like phishing or possibly spear-phishing, and act hereat. This means the attacker would probably already be able to reach vCenter Server from inside a corporate fire wall, and time is of a number of, ” the company added.

Source of this news: https://thehackernews.com/2021/09/vmware-warns-of-critical-file-upload.html