Active scanning for VMware vCenter Vulnerability
Active scanning has been reported within hours of VMware releasing a patch for the CVE-2021-22005 file upload vulnerability. This vulnerability could lead to unauthenticated attackers executing arbitrary code remotely. The vulnerability does not require user interaction and is reported to be simple to exploit.
This vulnerability affects VMware vCenter Servers 6.7 and 7.0.
What this means
The file upload vulnerability can lead to remote code execution (see VMware’s security advisory External Link for full description and attack vectors).
What to look for
How to tell if you're at risk
If you run vCenter Server 6.7 or 7.0 and have not yet updated to versions:
- vCenter Server 7.0 U2c
- vCenter Server 6.7 U3o
What to do
CERT NZ recommends that you apply the latest updates to all vCenter Servers as soon as possible.
- VMware advisory of the vulnerability External Link .
- VMware vCenter Server 7.0 Update 2c External Link .
If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.
For media enquiries, email our media desk at email@example.com or call the MBIE media team on 027 442 2141.