As of September 21, 2021, VMware has published information on a total of 19 vulnerabilities in the products VMware vCenter Server (vCenter Server) and VMware Cloud Foundation (Cloud Foundation) [VMW2021a]. Some of these vulnerabilities are critical: CVE-2021-22005 in particular was rated "critical" with a score of 9.8. VMware has released corresponding security updates.
On September 21, 2021, VMware released a security advisory on vulnerabilities CVE-2021-21991, CVE-2021-21992, CVE-2021-21993, CVE-2021-22005, CVE-2021-22006, CVE-2021-22007, CVE-2021-22008, CVE-2021-22009, CVE-2021-22010, CVE-2021-22011, CVE-2021-22012, CVE-2021-22013, CVE-2021-22014, CVE-2021-22015, CVE-2021-22016, CVE-2021-22017, CVE-2021-22018, CVE-2021-22019, CVE-2021-22020. The advisory provides details as well as links to the updated products.
US-CERT warns
US-CERT warned on September 21, 2021 about vulnerability CVE-2021-22005 in vCenter Server. The vulnerability allows arbitrary files to be uploaded and affects the Analytics service. A malicious cyber actor with network access to port 443 can exploit this vulnerability to execute code on vCenter Server.
Mass scans and exploitation
On September 24, 2021, VMware confirmed reports that CVE-2021-22005 is being exploited in the wild. In the following tweet, someone draws attention to a PoC for CVE-2021-22005.
Security researchers also report mass scans for vulnerable vCenter servers and publicly available exploit code. Due to the availability of exploit code, CISA expects widespread exploitation of this vulnerability. Administrators should therefore patch and also look into the workaround that VMware presents in its article for closing the CVE-2021-22005 vulnerability.