3:30am, 23 September 2021
TLP Rating:
Active scanning for VMware vCenter Vulnerability
Active scanning has been reported within hours of VMware releasing a patch for the CVE-2021-22005 file upload vulnerability. This vulnerability could lead to unauthenticated attackers executing arbitrary code remotely. The vulnerability does not require user interaction and is reported to be simple to exploit.
What's happening
Systems affected
This vulnerability affects VMware vCenter Servers 6.7 and 7.0.
What this means
The file upload vulnerability can lead to remote code execution (see VMware’s security advisory External Link for full description and attack vectors).
What to look for
How to tell if you're at risk
If you run vCenter Server 6.7 or 7.0 and have not yet updated to versions:
- vCenter Server 7.0 U2c
- vCenter Server 6.7 U3o
What to do
Prevention
CERT NZ recommends that you apply the latest updates to all vCenter Servers as soon as possible.
More information
VMware:
- VMware advisory of the vulnerability External Link .
- VMware vCenter Server 7.0 Update 2c External Link .
If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.
Report an incident to CERT NZ External Link
For media enquiries, email our media desk at certmedia@cert.govt.nz or call on 021 854 384
How helpful was this page?
This site is protected by reCAPTCHA and the Google Privacy Policy External Link and Terms of Service External Link apply.