VMware vulnerability being exploited afresh

VMware released a new security advisory on 21st September, 2021. The advisory provides the fix for CVE-2021-22005, a critical vulnerability in vCenter Server 7.0, vCenter Server 6.7 and the vCenter Server appliance shipped with VMware Cloud Foundation 4.x. The vulnerability allows a remote attacker to upload a carefully crafted file to the vCenter Server and use it to execute code on the server, so in effect it is a remote code execution vulnerability in vCenter Server. The vulnerability is rated critical with a CVSS score of 9.8, and therefore requires immediate patching.

CVE-2021-22005 resolution on VMware vCenter Server version 7

VMware has released a security document that details the process to follow for remediation of CVE-2021-22005. The remediation consists of applying vCenter Server 7.0 Update 2c, which patches vCenter Server version 7.0 against the vulnerability. Release notes for the security update can be found on this link. The update is delivered as a patch ISO that is attached to and applied on the vCenter Server appliance. The file details are listed below for ready reference:

  • Download Filename: VMware-vCenter-Server-Appliance-7.0.2.00400-18356314-patch-FP.iso
  • Build: 18356314
  • Download Size: 5550.2 MB
  • md5sum: 31bbecb2bac8d42d7d962a2e8ce1c46e
  • sha1checksum: a77c8831258696d5cb731737003e63b7ab4b28db
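Before a patch ISO is attached to the appliance, its digests should be compared against the values VMware publishes, so that a corrupted or tampered download is never applied. The script below is an added example, not part of the advisory or any VMware tooling: it carries the md5 and sha1 values listed above for the 7.0 Update 2c ISO and fails closed if either digest differs. The function and variable names (`verify_iso`, `EXPECTED_MD5`, `EXPECTED_SHA1`) are assumptions made for this example, and it relies on the coreutils `md5sum` and `sha1sum` commands being present.

```shell
#!/bin/sh
# Added example (not from the advisory): verify a downloaded vCenter patch ISO
# against the md5 and sha1 digests VMware published for the 7.0 Update 2c ISO.
# Usage: sh verify_iso.sh /path/to/VMware-vCenter-Server-Appliance-7.0.2.00400-18356314-patch-FP.iso

# Published digests for VMware-vCenter-Server-Appliance-7.0.2.00400-18356314-patch-FP.iso
# (values copied from the advisory's file details above).
EXPECTED_MD5="31bbecb2bac8d42d7d962a2e8ce1c46e"
EXPECTED_SHA1="a77c8831258696d5cb731737003e63b7ab4b28db"

# verify_iso FILE EXPECTED_MD5 EXPECTED_SHA1
# Returns 0 only when both digests match; returns 1 on any mismatch or if the
# file cannot be read. Both digests are always computed so that a mismatch in
# either one is reported, rather than stopping at the first failure.
verify_iso() {
    file="$1"; want_md5="$2"; want_sha1="$3"
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    got_md5=$(md5sum "$file" | awk '{print $1}')
    got_sha1=$(sha1sum "$file" | awk '{print $1}')
    status=0
    if [ "$got_md5" != "$want_md5" ]; then
        echo "md5 mismatch: got $got_md5 expected $want_md5" >&2
        status=1
    fi
    if [ "$got_sha1" != "$want_sha1" ]; then
        echo "sha1 mismatch: got $got_sha1 expected $want_sha1" >&2
        status=1
    fi
    return "$status"
}

# Command-line entry point: runs only when a path is given, so the function can
# also be sourced and reused for other VMware patch bundles.
if [ -n "$1" ]; then
    if verify_iso "$1" "$EXPECTED_MD5" "$EXPECTED_SHA1"; then
        echo "checksums match; ISO is the one VMware published"
    else
        echo "checksum verification FAILED; do not apply this ISO" >&2
        exit 1
    fi
fi
```

The script exits non-zero on a mismatch so it can gate an automated patch workflow. On systems without coreutils (for example macOS) substitute `md5 -q` and `shasum -a 1`; the comparison logic is unchanged.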

CVE-2021-22005 resolution on VMware vCenter Server versions 6.5 and 6.7

vCenter Server version 6.5 is not affected by this vulnerability. vCenter Server 6.7, however, must be patched to cover CVE-2021-22005. The fix for vCenter Server version 6.7 is contained in Update 3o released by VMware. The update's release notes can be found here.

CVE-2021-22005 resolution on VMware Cloud Foundation

The vCenter Server appliance in VMware Cloud Foundation 4.1.x, 4.2.x and 4.3 is affected by CVE-2021-22005, the critical vulnerability that is triggered by a file upload to the vCenter Server over port 443. The fix is included in VMware Cloud Foundation version 4.3.1, so affected Cloud Foundation deployments need to be updated to version 4.3.1. The security release notes for the vCenter Server appliance in Cloud Foundation can be seen here.

Summary

As a bare minimum, CVE-2021-22005 needs to be patched immediately on vCenter Server 7.0, vCenter Server 6.7 and the vCenter Server appliance in VMware Cloud Foundation versions 4.1.x, 4.2.x and 4.3. VMware has already released security patches for each affected vCenter Server appliance.