VMware vCenter - Remote Code Execution (CVE-2021-22005)
- Severity
- CVSSv3 Score: 9.8
- Exploitable with Sniper: No
- Vulnerability description
VMware vCenter is affected by an arbitrary file upload vulnerability in the CEIP Analytics service. The root cause is a logging function that creates files using unsanitized input from unauthenticated users. This allows attackers to gain remote access to the target system by altering cron configuration files in order to spawn reverse shells.
- Risk description
A remote unauthenticated attacker can fully compromise the server in order to steal confidential information, install ransomware or pivot to the internal network.
- Recommendation
Upgrade the VMware vCenter server to the latest version or apply the workaround provided by VMware.
- References
- Detectable with: Network Scanner
- Vuln date: Sep 2021
- Published at
- Updated at
- Software Type: Virtualization
- Vendor: VMware
- Product: vCenter Server
- Codename: Not available