VMware Calls Attention to High-Severity vCenter Server Flaw

Cloud computing and virtualization technology giant VMware on Tuesday shipped an urgent security patch for a flaw in its vCenter Server product and warned users to expect public exploit code within minutes of disclosure.

“Time is of the essence,” VMware said in a note calling attention to CVE-2021-22005, a file upload bug in the vCenter Server Analytics service. “The ramifications of this vulnerability are serious and it is a matter of time – likely minutes after the disclosure – before working exploits are publicly available.”

The company has attached a CVSSv3 base score of 9.8 to underscore the severity of the vulnerability.

The Palo Alto, Calif. company said a malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.

VMware took the extra step of warning that this type of security flaw is perfect for ransomware actors. “With the threat of ransomware looming nowadays the safest stance is to assume that an attacker may already have control of a desktop and a user account through the use of techniques like phishing or spear-phishing, and act accordingly. This means the attacker may already be able to reach vCenter Server from inside a corporate firewall, and time is of the essence.”

In total, the VMware patch bundle documents at least 19 security vulnerabilities affecting the VMware vCenter Server and VMware Cloud Foundation products. These flaws range in severity and could expose users to privilege escalation and information disclosure attacks.

The company urged customers to prioritize the privilege escalation issues because of their value to ransomware gangs launching data encryption and extortion attacks.

“In this era of ransomware it is safest to assume that an attacker is already inside your network somewhere, on a desktop and perhaps even in control of a user account, which is why we strongly recommend declaring an emergency change and patching as soon as possible,” VMware said in a notice accompanying the patch. 

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
