Multiple Vulnerabilities in VMware vCenter and Cloud Foundation – patch available

Affected Products

The critical vulnerability affects VMware vCenter 6.7 and 7.0 as well as VMware Cloud Foundation 3.x and 4.x; the additional vulnerabilities also affect vCenter 6.5. VMware has published a detailed matrix of affected versions and fixed builds on their website (see Additional Information).

Known Attack Vectors

Applicable risk levels are marked with an x:
Risk level 1 – can be exploited from outside of the corporate network
Risk level 2 – can be exploited from within the corporate network – x
Risk level 3 – can be exploited on the local machine – x
Some vulnerabilities can be abused via network access to the vCenter ports 443, 5480 or 9087; others can only be exploited locally on the appliance.
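The network attack vectors above are only relevant where the listed ports are actually reachable. The following script is an added example (not part of the original advisory or of any VMware tooling) that probes the three ports from the host it runs on and maps the result to the risk levels used above. The host name, the `scanned_from_outside` flag and the helper `open_local_listener` are assumptions made for the example; the port list is taken from the advisory.

```python
"""Probe the vCenter ports named in VMSA-2021-0020 and map the result to risk levels.

Added example: this is illustrative code, not VMware's own tooling.
It only tells you which ports answer from *this* vantage point; it does
not test for the vulnerabilities themselves. Patch level is what matters.
"""
import argparse
import socket
from contextlib import closing
from typing import Dict, Iterable, Tuple

# Ports named in the advisory as network attack vectors
VCENTER_PORTS = (443, 5480, 9087)
RCE_PORT = 443  # CVE-2021-22005 needs network access to this port


def port_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with closing(socket.create_connection((host, port), timeout=timeout)):
            return True
    except OSError:  # refused, timed out, unreachable, DNS failure
        return False


def check_ports(host: str, ports: Iterable[int] = VCENTER_PORTS,
                timeout: float = 2.0) -> Dict[int, bool]:
    """Probe every port in `ports` on `host` and return {port: reachable}."""
    return {p: port_open(host, p, timeout) for p in ports}


def assess_exposure(results: Dict[int, bool], scanned_from_outside: bool) -> dict:
    """Map probe results to the advisory's risk levels.

    scanned_from_outside is an assumption supplied by the caller: True if the
    probe ran from outside the corporate network (e.g. an internet host).
    """
    reachable = sorted(p for p, ok in results.items() if ok)
    if reachable and scanned_from_outside:
        level, advice = 1, "network-exploitable issues reachable from the internet; patch immediately"
    elif reachable:
        level, advice = 2, "network-exploitable issues reachable from the internal network; patch"
    else:
        level, advice = 3, "no listed port reachable from here; local privilege escalation still applies until patched"
    return {
        "reachable_ports": reachable,
        "rce_port_reachable": RCE_PORT in reachable,
        "risk_level": level,
        "advice": advice,
    }


def open_local_listener() -> Tuple[socket.socket, int]:
    """Test aid for this example: open a listening socket on a free loopback port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    ap = argparse.ArgumentParser(description="Probe vCenter ports from this host")
    ap.add_argument("host", help="vCenter host name or IP (assumed reachable by DNS)")
    ap.add_argument("--outside", action="store_true",
                    help="set if this probe runs from outside the corporate network")
    args = ap.parse_args()
    results = check_ports(args.host)
    for port, ok in results.items():
        print(f"{args.host}:{port} {'open' if ok else 'closed/filtered'}")
    report = assess_exposure(results, scanned_from_outside=args.outside)
    print(f"risk level {report['risk_level']}: {report['advice']}")
```

A closed port from one vantage point says nothing about other network segments, and an open port does not by itself confirm the appliance is unpatched; use the result only to prioritise, and verify the installed build against VMware's fixed-version matrix.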

Description of the Attack

Remote Code Execution: an attacker with network access to port 443 can abuse CVE-2021-22005 to upload a file and execute malicious code on the vCenter Server appliance, without needing valid credentials.

Local privilege escalation: an attacker who is logged on to the vCenter Server appliance as a non-administrative user can escalate their privileges.

Additional attacks are described on the VMware security advisory (see below).

Recommendation / Resolution

We advise our clients to install the available patches to resolve the vulnerabilities. For some of the vulnerabilities, workarounds are also available (see below), but patching vCenter can normally be done without affecting the end users of the environment and is therefore preferred.

Additional Information

https://www.vmware.com/de/security/advisories/VMSA-2021-0020.html (list and description of the vulnerabilities)
https://core.vmware.com/vmsa-2021-0020-questions-answers-faq (FAQ)