Service Advisory – VMware Security Advisory (VMSA-2021-0020)
Posted on
September 22, 2021
Service Advisory
Please share the following information with your teams.
VMware published a new critical security advisory (VMSA-2021-0020) to address multiple vulnerabilities in vCenter Server (versions 6.5, 6.7 and 7) and Cloud Foundation (versions 3.x and 4.x). Exploitation of some of these vulnerabilities could lead to privilege escalation, remote code execution, access to restricted endpoints, or manipulation of VM network settings.
Severity level
CVSS Score: 4.3 – 9.8
Description
The most urgent among the 19 vulnerabilities is an arbitrary file upload vulnerability in the Analytics service (CVE-2021-22005). A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file. This vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server.
Affected Versions
VMware vCenter Server (versions 6.5, 6.7 and 7.0), VMware Cloud Foundation (vCenter Server – versions 3.x and 4.x).
Impact
An attacker could exploit these vulnerabilities to take control of an affected device.
Resolution
Affected VMware products should be updated, or the mitigation measures applied, in line with the VMware advisory.