Affected Products
The critical vulnerability affects VMware vCenter 6.7 and 7.0 as well as VMware Cloud Foundation 3.x and 4.x, additional vulnerabilities also affect vCenter 6.5. VMware has published a detailed matrix on their website (see Additional Information).
Known Attack Vectors
| Risk level 1 – can be exploited from outside of the corporate network | |
| Risk level 2 – can be exploited from within the corporate network | x |
| Risk level 3 – can be exploited on the local machine | x |
Description of the Attack
Remote Code Execution: an attacker with network access to port 443 can abuse CVE-22005, to execute malicious code on the vCenter.
Local privilege escalation: an attacker can escalate their privileges when logged on to the vCenter with a non-administrative user.
Additional attacks are described on the VMware security advisory (see below).
Recommendation / Resolution
We advise our clients to install the available patches to resolve the vulnerabilities. For some of the vulnerabilities, there are also workarounds available (see below), but patching should be possible without affecting the end users on the environment and is therefore prefered.
Additional Information
https://www.vmware.com/de/security/advisories/VMSA-2021-0020.html (list and decription of the vulnerabilities)
https://core.vmware.com/vmsa-2021-0020-questions-answers-faq (FAQ)