Active scanning for VMware vCenter Vulnerability

Our advisories highlight current cyber security threats and vulnerabilities in New Zealand, and provide guidance on how to mitigate their impact.

Subscribe to our updates to be notified as soon as we publish an advisory.

3:30am, 23 September 2021

TLP Rating: Clear

Active scanning for VMware vCenter Vulnerability

Active scanning has been reported within hours of VMware releasing a patch for the CVE-2021-22005 file upload vulnerability. This vulnerability could lead to unauthenticated attackers executing arbitrary code remotely. The vulnerability does not require user interaction and is reported to be simple to exploit.

What's happening

Systems affected

This vulnerability affects VMware vCenter Servers 6.7 and 7.0.

What this means

The file upload vulnerability can lead to remote code execution (see VMware’s security advisory External Link for full description and attack vectors).

What to look for

How to tell if you're at risk

If you run vCenter Server 6.7 or 7.0 and have not yet updated to versions:

  • vCenter Server 7.0 U2c
  • vCenter Server 6.7 U3o

What to do

Prevention

CERT NZ recommends that you apply the latest updates to all vCenter Servers as soon as possible.

More information

VMware:

 

If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.

Report an incident to CERT NZ External Link

 

For media enquiries, email our media desk at certmedia@cert.govt.nz or call on 021 854 384