This vulnerability allows local malicious users to escalate privileges on affected installations of VMware vCenter Server Appliance. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the permissions of root-owned service files. The product sets incorrect permissions on sensitive files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vmware vcenter server 6.5 |
||
vmware vcenter server 6.7 |
||
vmware vcenter server 7.0 |
||
vmware cloud foundation |
Get our weekly newsletter File upload vuln lets miscreants hijack vCenter Server - and is being exploited in the wild
Update VMware has disclosed a critical bug in its flagship vSphere and vCenter products and urged users to drop everything and patch it. The virtualization giant also offered a workaround. The bug is one of 19 disclosed today by VMware. The worst of the bunch is CVE-2021-22005, described as "an arbitrary file upload vulnerability in the Analytics service" that's part of vCenter Server. The flaw is rated 9.8/10 in severity using the Common Vulnerability Scoring System. "A malicious actor with net...