Once again, if a malicious actor can hit port 443 on vCenter Server, it’s goodnight nurse.
If you haven’t patched vCenter in recent months, please do so at your earliest convenience. Following on from its remote code execution hole in vCentre in May, VMware has warned of a critical vulnerability in the analytics service of vCenter Server. «A file upload vulnerability that can be used to execute commands and software on the vCenter Server Appliance. This vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server,» the company said in a blog post. Handed the label CVE-2021-22005, the vulnerability hit a CVSSv3 score of 9.8, and means a malicious actor only needs to access port 443 and have a file to upload that is capable to exploiting an unpatched server. The vulnerability hits versions 6.7 and 7.0 of vCenter Server Appliances, with builds greater than 7.0U2c build 18356314 from August 24 and 6.
