vCenter Server File Upload Vulnerability
Kate Drankoff 09/29/2021
1 Minutes

A vulnerability has been identified in the VMware vCenter Server product that could allow a threat actor to execute malicious code. The vulnerability exists in the Analytics service and can be attacked by an unauthenticated user via port 443. There are both patches and temporary workarounds available by VMware. This vulnerability can be exploited regardless of current configuration settings.

This vulnerability exists in:

  • VMware vCenter 6.7x/7.0x
  • VMware Cloud Foundation 3.x/4.x, which bundles vCenter

Proof of Concept (POC) code has been seen floating around the Internet, and network scans looking for this vulnerability have been detected. The environments with the most significant risk are those that expose their vCenter Server over the Internet. All others should consider this threat with a “assume compromise” position and patch just as quickly. The service needs to be patched so other threats (e.g., ransomware, phishing attacks, etc.) can’t attack the VMware environment once inside the network.  

If your vCenter is assessible to the internet, the best course of action for this vulnerability is to patch as soon as possible.

Related Posts

It is a long established fact that a reader will be distracted by the readable content of a page when looking at its layout.

Dan Sanderson 20 May, 2022

Be Wary with Cyber Insurance

In the battered security landscape, companies are doing all they can to transfer risk out of their…

Cyber Advisors Security Updates May 2022

This month is another important month for Microsoft Patch Tuesday and subscribers of our Cyber…

Kate Drankoff 15 April, 2022

Two Great Takes on Tarrask

The Chinese-backed Hafnium hacking group has been linked to a piece of a new malware that's used to…