Vulnerability Description
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Cloud Foundation | >= 3.0, < 5.0 |
| Vmware | Vcenter Server | 6.5 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/164439/VMware-vCenter-Server-Analytics-CEIPExploitThird Party AdvisoryVDB Entry
- https://www.vmware.com/security/advisories/VMSA-2021-0020.htmlPatchVendor Advisory
- http://packetstormsecurity.com/files/164439/VMware-vCenter-Server-Analytics-CEIPExploitThird Party AdvisoryVDB Entry
- https://www.vmware.com/security/advisories/VMSA-2021-0020.htmlPatchVendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-US Government Resource
FAQ
What is CVE-2021-22005?
CVE-2021-22005 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code ...
How severe is CVE-2021-22005?
CVE-2021-22005 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-22005?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Cloud Foundation, Vmware Vcenter Server.