CVE-2021-22005 Scanner
Detects 'File Upload' vulnerability in VMware vCenter Server, VMware Cloud Foundation affects v. VMware vCenter Server(7.x before 7.0 U2c and 6.7 before 6.7 U3o) and VMware Cloud Foundation (4.x before 4.3 and 3.x before 3.10.2.2).
Short Info
Level
Critical
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 second
Time Interval
1 month
Scan only one
Domain, Ipv4
Toolbox
-
VMware vCenter Server is a centralized management platform for VMware vSphere environments. It enables the management of virtual machines and hosts, and also allows for the administration of storage, network, and security policies. VMware Cloud Foundation is a platform that combines VMware vSphere, VMware NSX, and VMware vSAN to provide a complete software-defined data center solution. Its goal is to simplify the deployment and management of hybrid cloud platforms.
The CVE-2021-22005 vulnerability detected in VMware vCenter Server's Analytics service is an arbitrary file upload vulnerability. Essentially, any malicious actor with network access to port 443 of the affected vCenter Server can exploit this vulnerability by uploading a specially crafted file. This can allow the actor to execute code on the vCenter Server.
If exploited, this vulnerability can lead to significant security risks. Attackers can potentially gain unauthorized access to critical data, and even take control of the entire vCenter Server infrastructure. This can result in the theft of sensitive information, misconfiguration of virtual machines and hosts, or even ransom demands.
By using the pro features of the s4e.io platform, readers can quickly and easily learn about vulnerabilities in their digital assets. With our help, they can stay on top of the latest security threats and ensure that their networks are protected from potential cyber attacks. Our platform offers comprehensive vulnerability scanning and remediation, so organizations can keep their data safe and secure at all times.
REFERENCES