VMware vCenter Server has a Critical Vulnerability, Urgent patching/upgrading is recommended

Published: 23/09/2021

Reference:
Advisory #2021-019

Version:
1.0

Affected software:
VMware Cloud Foundation
VMware vCenter Server

Type:
1 Critical CVE (vCenter Server file upload vulnerability), 9 Important and 9 Moderate CVEs

CVE/CVSS:

Highest score of 9.8/10

CVE-2021-22005   9.8
CVE-2021-21991   8.8
CVE-2021-22006   8.3
CVE-2021-22011   8.1
CVE-2021-22015   7.8
CVE-2021-22012   7.5
CVE-2021-22013   7.5
CVE-2021-22016   7.5
CVE-2021-22017   7.3
CVE-2021-22014   7.2
CVE-2021-22018   6.5
CVE-2021-21992   6.5
CVE-2021-22007   5.5
CVE-2021-22019   5.3
CVE-2021-22009   5.3
CVE-2021-22010   5.3
CVE-2021-22008   5.3
CVE-2021-22020   5.0
CVE-2021-21993   4.3

Sources

Vendor: https://www.vmware.com/security/advisories/VMSA-2021-0020.html
Other: https://www.tenable.com/blog/cve-2021-22005-critical-file-upload-vulnerability-in-vmware-vcenter-server

Risks

1 Critical vulnerability:

CVE-2021-22005: An unauthenticated attacker capable of accessing port 443 over the same network or directly from the internet could exploit a vulnerable vCenter Server by uploading a file to the vCenter Server analytics service. Successful exploitation would result in remote code execution on the host.

Please note that vCenter Server version 6.7 for Windows and version 6.5 for any installation are not affected by CVE-2021-22005.

9 Important vulnerabilities (CVE - description - CVSSv3 score):

CVE-2021-21991 - vCenter Server local privilege escalation - 8.8
CVE-2021-22006 - vCenter Server reverse proxy bypass - 8.3
CVE-2021-22011 - vCenter Server unauthenticated API endpoint - 8.1
CVE-2021-22015 - vCenter Server improper permission local privilege escalation - 7.8
CVE-2021-22012 - vCenter Server unauthenticated API information disclosure - 7.5
CVE-2021-22013 - vCenter Server file path traversal - 7.5
CVE-2021-22016 - vCenter Server reflected XSS - 7.5
CVE-2021-22017 - vCenter Server rhttpproxy bypass - 7.3
CVE-2021-22014 - vCenter Server authenticated code execution - 7.2

9 Moderate vulnerabilities (CVE - description - CVSSv3 score):

CVE-2021-22018 - vCenter Server file deletion - 6.5
CVE-2021-21992 - vCenter Server XML parsing denial-of-service - 6.5
CVE-2021-22007 - vCenter Server local information disclosure - 5.5
CVE-2021-22019 - vCenter Server denial of service - 5.3
CVE-2021-22009 - vCenter Server VAPI multiple denial of service - 5.3
CVE-2021-22010 - vCenter Server VPXD denial of service - 5.3
CVE-2021-22008 - vCenter Server information disclosure - 5.3
CVE-2021-22020 - vCenter Server Analytics service denial-of-service - 5.0
CVE-2021-21993 - vCenter Server SSRF - 4.3

Description

1 Critical vulnerability has been reported (CVE-2021-22005) which, if successfully exploited, allows an unauthenticated attacker with network access to port 443 to achieve remote code execution on the vCenter Server host.

9 Important and 9 Moderate vulnerabilities have also been reported. Upon successful exploitation, these remaining vulnerabilities could provide attackers the following capabilities:

  • local privilege escalation
  • authenticated remote code execution
  • reverse proxy (rhttpproxy) bypass and access to unauthenticated API endpoints
  • denial of service
  • information disclosure
  • file path traversal and file deletion
  • reflected XSS and SSRF

Although less severe on their own, these vulnerabilities are valuable to an attacker who has already gained network access to the vCenter Server or a local foothold on it through other means, for example to escalate to full control of the virtualisation layer.

 

Recommended Actions

To address the 19 vulnerabilities disclosed in its advisory, VMware released patches for vCenter Server 7.0, 6.7 and 6.5.

If patching is not immediately feasible, VMware provides a temporary workaround for CVE-2021-22005 only (the other 18 vulnerabilities still require the patch) in the following knowledge base article: https://kb.vmware.com/s/article/85717

Please find all details on the VMware advisory page.
https://www.vmware.com/security/advisories/VMSA-2021-0020.html
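To help prioritise patching across an estate, the following Python script (an added example, not part of the CERT.be advisory or of any VMware tooling) retrieves a vCenter Server's version and build via the unauthenticated RetrieveServiceContent SOAP call on the /sdk endpoint and compares the build with the first fixed build of the matching release line. Because it talks to the same port 443 on which CVE-2021-22005 is reachable, a successful answer also confirms that the exposed interface is reachable from where the script runs. The fixed build numbers (7.0 U2d, 6.7 U3o, 6.5 U3q) are taken from VMSA-2021-0020 and should be confirmed against the advisory; the embedded SOAP response is constructed so the script runs offline, and the hostname argument is an assumption.

```python
"""Check a vCenter Server build against the VMSA-2021-0020 fixed builds.

The <about> block (version, build, OS type) is returned by the unauthenticated
RetrieveServiceContent call on https://<vcenter>/sdk; this script parses it and
compares the build number with the first fixed build of the release line.
"""
import ssl
import urllib.request
import xml.etree.ElementTree as ET

# First fixed builds per release line as listed in VMSA-2021-0020 (7.0 U2d, 6.7 U3o,
# 6.5 U3q). Confirm these against the advisory before relying on them.
FIXED_BUILDS = {"7.0": 18455184, "6.7": 18485166, "6.5": 18499837}

# Unauthenticated request; vSphere answers with ServiceContent including <about>.
RETRIEVE_SERVICE_CONTENT = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"'
    ' xmlns:vim25="urn:vim25"><soapenv:Body><vim25:RetrieveServiceContent>'
    '<vim25:_this type="ServiceInstance">ServiceInstance</vim25:_this>'
    '</vim25:RetrieveServiceContent></soapenv:Body></soapenv:Envelope>'
)

# Constructed sample response (not a real capture): a 7.0 appliance on a build that
# predates the fix, used so the script can be exercised offline.
SAMPLE_RESPONSE = """<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body><RetrieveServiceContentResponse xmlns="urn:vim25"><returnval>
<rootFolder type="Folder">group-d1</rootFolder>
<about>
<name>VMware vCenter Server</name>
<fullName>VMware vCenter Server 7.0.2 build-17958471</fullName>
<vendor>VMware, Inc.</vendor>
<version>7.0.2</version>
<build>17958471</build>
<osType>linux-x64</osType>
<productLineId>vpx</productLineId>
<apiType>VirtualCenter</apiType>
<apiVersion>7.0.2.0</apiVersion>
</about>
</returnval></RetrieveServiceContentResponse></soapenv:Body></soapenv:Envelope>"""


def parse_about(soap_xml: str) -> dict:
    """Return the <about> children as a {tag: text} dict, ignoring XML namespaces."""
    root = ET.fromstring(soap_xml)
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] == "about":
            return {c.tag.rsplit("}", 1)[-1]: (c.text or "").strip() for c in el}
    raise ValueError("no <about> element in RetrieveServiceContent response")


def assess(about: dict) -> tuple:
    """Classify as not-vcenter / unknown / patched / vulnerable, with a reason string."""
    if about.get("productLineId") != "vpx":  # ESXi reports embeddedEsx, for example
        return ("not-vcenter", "productLineId %r is not vCenter (vpx)" % about.get("productLineId"))
    line = ".".join(about.get("version", "").split(".")[:2])
    fixed = FIXED_BUILDS.get(line)
    build = int(about.get("build") or 0)
    if fixed is None:
        return ("unknown", "release line %r is not covered by VMSA-2021-0020" % line)
    # Per the advisory, CVE-2021-22005 does not apply to 6.5 or to 6.7 on Windows, but
    # the other 18 CVEs do, so an old build is still reported as vulnerable.
    note = ""
    if line == "6.5" or (line == "6.7" and about.get("osType", "").startswith("win")):
        note = "; CVE-2021-22005 itself does not apply to this install"
    if build >= fixed:
        return ("patched", "build %d >= fixed build %d for %s" % (build, fixed, line))
    return ("vulnerable", "build %d < fixed build %d for %s%s" % (build, fixed, line, note))


def fetch_about(host: str, timeout: int = 10) -> dict:
    """POST RetrieveServiceContent to https://host/sdk (self-signed certs are common)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(
        "https://%s/sdk" % host,
        data=RETRIEVE_SERVICE_CONTENT.encode(),
        headers={"Content-Type": "text/xml; charset=utf-8"},
    )
    with urllib.request.urlopen(req, context=ctx, timeout=timeout) as resp:
        return parse_about(resp.read().decode("utf-8", "replace"))


if __name__ == "__main__":
    import sys
    # Assumed usage: python3 check_vmsa_2021_0020.py <vcenter-hostname>; without an
    # argument the constructed sample response is assessed instead.
    about = fetch_about(sys.argv[1]) if len(sys.argv) > 1 else parse_about(SAMPLE_RESPONSE)
    status, reason = assess(about)
    print("%s: %s (%s)" % (status, about.get("fullName", "?"), reason))
```

The build comparison is deliberately per release line: a 6.7 build number is never compared with the 7.0 fixed build, and hosts on a line the advisory does not cover are reported as unknown rather than guessed at. Treat a "vulnerable" result as a prompt to patch, and remember that the KB 85717 workaround changes nothing in the reported build, so a host with the workaround applied still shows as vulnerable here.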

References

Manufacturer:
https://www.vmware.com/security/advisories/VMSA-2021-0020.html (Vendor advisory)
https://blogs.vmware.com/vsphere/2021/09/vmsa-2021-0020-what-you-need-to-know.html
https://core.vmware.com/vmsa-2021-0020-questions-answers-faq#

Other:
https://www.tenable.com/blog/cve-2021-22005-critical-file-upload-vulnerability-in-vmware-vcenter-server