A vulnerability has been identified in the VMware vCenter Server product that could allow a threat actor to execute malicious code. The vulnerability exists in the Analytics service and can be exploited by an unauthenticated user over port 443. VMware has made both patches and temporary workarounds available. This vulnerability can be exploited regardless of current configuration settings.
This vulnerability exists in:
- VMware vCenter 6.7x/7.0x
- VMware Cloud Foundation 3.x/4.x, which bundles vCenter
Proof-of-concept (PoC) code is circulating on the Internet, and network scans looking for this vulnerability have been detected. The environments at greatest risk are those that expose their vCenter Server to the Internet. All other environments should treat this threat from an “assume compromise” position and patch just as quickly. The service needs to be patched so that other threats (e.g., ransomware, phishing attacks) cannot attack the VMware environment once they are inside the network.
If your vCenter is accessible from the Internet, the best course of action for this vulnerability is to patch as soon as possible.