Threat Post -
UPDATE: Malicious actors are already scanning honeypots, looking for servers vulnerable to the critical arbitrary file upload flaw in vCenter servers’ Analytics service.
VMware has released a security update that includes patches for 19 CVE-numbered vulnerabilities that affect the company’s vCenter Server virtualization management platform and its hybrid Cloud Foundation platform for managing VMs and orchestrating containers.
They’re all serious, but one – CVE-2021-22005, a critical arbitrary file upload vulnerability in the Analytics service that’s been assigned the maximum CVSSv3 base score of 9.8 – is uber nasty.
“This vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server,” said Bob Plankers, Technical Marketing Architect at VMware.
092321 0935 UPDATE: On Wednesday afternoon, Bad Packets revealed that it had spotted threat actors scanning for vulnerable vCenter servers that haven’t yet applied VMware’s CVE-2021-22005 update. There’s no exploit code that’s been made public – yet – but within hours of VMware’s disclosure, threat intelligence firm Bad Packets began to see attackers scanning some of its VMware honeypots for the critical vulnerability.
CVE-2021-22005 scanning activity detected from 126.96.36.199