vCenter Server File Upload Vulnerability

Posted by Kate Drankoff on Sep 29, 2021 9:00:28 AM

A vulnerability has been identified in the VMware vCenter Server product that could allow a threat actor to execute malicious code. The vulnerability exists in the Analytics service and can be exploited by an unauthenticated user via port 443. Both patches and temporary workarounds are available from VMware. This vulnerability can be exploited regardless of current configuration settings.

This vulnerability exists in:

  • VMware vCenter 6.7x/7.0x
  • VMware Cloud Foundation 3.x/4.x, which bundles vCenter

Proof of Concept (POC) code has been seen circulating on the Internet, and network scans looking for this vulnerability have been detected. The environments with the most significant risk are those that expose their vCenter Server over the Internet. All others should approach this threat from an “assume compromise” position and patch just as quickly. The service needs to be patched so that other threats (e.g., ransomware, phishing attacks, etc.) can’t attack the VMware environment once inside the network.

If your vCenter is accessible from the Internet, the best course of action for this vulnerability is to patch as soon as possible.

Topics: security
