This vulnerability allows local malicious users to escalate privileges on affected installations of VMware vCenter Server Appliance. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the permissions of root-owned service files. The product sets incorrect permissions on sensitive files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
vmware vcenter server 6.5 |
||
vmware vcenter server 6.7 |
||
vmware vcenter server 7.0 |
||
vmware cloud foundation |
Get our weekly newsletter File upload vuln lets miscreants hijack vCenter Server - and is being exploited in the wild
Update VMware has disclosed a critical bug in its flagship vSphere and vCenter products and urged users to drop everything and patch it. The virtualization giant also offered a workaround. The bug is one of 19 disclosed today by VMware. The worst of the bunch is CVE-2021-22005, described as "an arbitrary file upload vulnerability in the Analytics service" that's part of vCenter Server. The flaw is rated 9.8/10 in severity using the Common Vulnerability Scoring System. "A malicious actor with net...
Vulmon