Threat Response – Multiple vCenter Server Vulnerabilities
On the 25th of May VMware published a patch for a critical vulnerability in vCenter Server. This vulnerability affects vCenter Server versions 6.7 and 7.0 and is tracked as CVE-2021-22005. Additionally, multiple slightly less serious vulnerabilities, numbered CVE-2021-21991, CVE-2021-21992, CVE-2021-21993, CVE-2021-22006, CVE-2021-22007, CVE-2021-22008, CVE-2021-22009, CVE-2021-22010, CVE-2021-22011, CVE-2021-22012, CVE-2021-22013, CVE-2021-22014, CVE-2021-22015, CVE-2021-22016, CVE-2021-22017, CVE-2021-22018, CVE-2021-22019, and CVE-2021-22020, are patched. Some of these vulnerabilities also impact vCenter Server version 6.5 and earlier.
The vulnerability CVE-2021-22005 in vCenter Server 6.7 and 7.0 enables an unauthenticated attacker who has access to port 443 to execute commands and software by uploading a malicious file. We assess the impact of this vulnerability as high. This specific CVE has no impact on vCenter Server 6.5.
This vulnerability is relatively easy to exploit if port 443 is reachable by attackers. Therefore, the risk of an attacker exploiting this vulnerability is high.
VMware has provided patches to resolve the listed vulnerabilities. Northwave advises applying these patches as quickly as possible. If this is not immediately possible, a workaround/mitigation is available, namely editing out specific entries in “/etc/vmware-analytics/ph-web.xml”. See  for instructions.
What does Northwave do?
Northwave is investigating the possibilities for monitoring exploitation attempts of this vulnerability, and will implement detection rules when possible.
Northwave will monitor any developments regarding this vulnerability. If new critical information about this threat arises we will reach out to you. If you need additional information you can call us by phone or send us an email.
E-mail: [email protected]
Do you have an incident right now? Call our CERT number: +31 (0)85 043 7909 or 0800-1744 (only from within the Netherlands)
Disclaimer applies, see below.
Northwave has made every effort to make this information accurate and reliable. However, the information provided is without warranty of any kind and its use is at the sole risk of the user. Northwave does not accept any responsibility or liability for the accuracy, content, completeness, legality or reliability of the information provided. We shall not be liable for any loss or damage of whatever nature, direct or indirect, consequential or other, whether arising in contract, tort or otherwise, which may arise as a result of your use of, or inability to use, this information or any additional information provided by us in direct or indirect relation to the information provided here.